[bug][workaround][librem key]My librem key `316d:4c4b` not listed in udev&scdaemon `60-scdaemon.rules`

yw662 · July 23, 2019, 10:03pm

Update: my librem key 316d:4c4b is not listed in /lib/udev/rules.d/60-scdaemon.rules, as a result, udev would not setup permissions properly for the key.

It is PureOS.

yw662@yw662p:~$ uname -a
Linux yw662p 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux

I can only access my librem key under root/sudo. When trying to access librem key under normal account, gpg says gpg: selecting opengpg failed: no such device.

The librem key is listed in lsusb, so it seems that gpg or scdaemon cannot access the card without sudo.

It does work under root, but I want to use it to sign emails or make ssh logins, so I need it work without root.

Any ideas or am I missing sth ?

dc3p · July 23, 2019, 11:42pm

This might be helpful: https://forums.gentoo.org/viewtopic-p-7890296.html

Sounds like the same problem.

yw662 · July 24, 2019, 12:17am

Thank you. It is a sound solution to add the normal account to usb group or sth. like that. Will try it asap.

yw662 · July 24, 2019, 1:00am

Update: There is no such a group called usb in PureOS. The solution above should not be useful.

There IS a file at /lib/udev/rules.d/60-scdaemon.rules, which should have setup the required permissions properly. However, it failed.

I noticed my librem key is a 316d:4c4b device, which is not listed in 60-scdaemon.rules. That should be the reason.

Since this file is managed by scdaemon:

~$ dpkg-query -S /lib/udev/rules.d/60-scdaemon.rules 
scdaemon: /lib/udev/rules.d/60-scdaemon.rules

So, it means, scdaemon does not currently know my librem key. Which I would report to both librem key team and scdaemon team.

However, I am going to do some modification on this post first.

yw662 · July 24, 2019, 1:18am

Update: A possible workaround

add a .rules file under /etc/udev/rules.d, for me, I named it /etc/udev/rules.d/60-librem-key.rules

It should look like this:

# my librem key
SUBSYSTEM=="usb", ATTR{idVendor}=="316d", ATTR{idProduct}=="4c4b", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"

It will work after reboot, or should work after remove and plug in the librem key (not tested).

like this:

yw662@yw662p:~$ gpg --card-status
Reader ...........: 316D:4C4B:...:0
Application ID ...: ...
Version ..........: 3.3
Manufacturer .....: ZeitControl
...

kennethkoski · August 21, 2019, 2:47am

I had to add the above udev rule, and then also tell gpg what directory to use as the home directory. Otherwise it would create the sockets in the wrong place and fail with:

gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device

I used an env var to tell gpg what to use as its home directory:

GNUPGHOME=$(pwd)/.gnupg gpg --card-status

This is on Ubuntu 18.04

yw662 · October 9, 2019, 12:57am

This problem is sloved on current version of PureOS. I am not sure whether it is also true for other distros.

joao.azevedo · October 9, 2019, 10:01am

Yes the issue should be solved not only for PureOS but for all distros.