According to readers/supported_readers.txt, the "OMNIKEY AG CardMan 3121" reader (USB id 0x076B:0x3021) should be supported. However, the driver fails when transferring a key to the card from within GPG: gpg> keytocard Signature key ....: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX Encryption key....: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX Authentication key: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX Please select where to store the key: (1) Signature key (3) Authentication key Your selection? scdaemon[22293]: updating slot 0 status: 0x0000->0x0007 (0->1) 1 gpg: WARNING: such a key has already been stored on the card! Replace existing key? (y/N) y You need a passphrase to unlock the secret key for user: "Ulrich Müller <ulm@gentoo.org>" 3072-bit RSA key, ID XXXXXXXXXXXXXXXX, created XXXX-XX-XX scdaemon[22293]: existing key will be replaced scdaemon[22293]: 3 Admin PIN attempts remaining before card is permanently locked scdaemon[22293]: DBG: asking for PIN '|A|Please enter the Admin PIN' scdaemon[22293]: size of key 1 changed to 3072 bits scdaemon[22293]: 3 Admin PIN attempts remaining before card is permanently locked scdaemon[22293]: DBG: asking for PIN '|A|Please enter the Admin PIN' scdaemon[22293]: pcsc_transmit failed: not transacted (0x80100016) scdaemon[22293]: apdu_send_simple(0) failed: general error scdaemon[22293]: failed to store the key: General error gpg: error writing key to card: General error gpg>
Created attachment 351694 [details, diff] Patch for src/commands.c Attached patch fixes the problem for me.
For completeness, here are the syslog messages from pcscd: Jun 23 00:19:48 juno pcscd: /var/tmp/portage/app-crypt/ccid-1.4.11/work/ccid-1.4.11/src/commands.c :1655:CmdXfrBlockTPDU_T0() Command too long (417 bytes) for max: 261 bytes Jun 23 00:19:48 juno pcscd: ifdwrapper.c:527:IFDTransmit() Card not transacted: 612 Jun 23 00:19:48 juno pcscd: winscard.c:1606:SCardTransmit() Card not transacted: 0x80100016
Hello Ludovic, I don't see this committed into upstream, any reason why not? any replacement? Thanks, Alon
Alon, I already answered in http://article.gmane.org/gmane.comp.lib.muscle/7762 I do not like to patch my driver (and add complexity) to support readers that do not follow CCID. The best solution is to use a reader that does support extended APDU in the normal way.
(In reply to Ludovic Rousseau from comment #4) > Alon, I already answered in > http://article.gmane.org/gmane.comp.lib.muscle/7762 > > I do not like to patch my driver (and add complexity) to support readers > that do not follow CCID. > > The best solution is to use a reader that does support extended APDU in the > normal way. Thank you Ludovic, I am closing this bug as I do not wish to maintain patches that never reach upstream. Thanks.
(In reply to Ludovic Rousseau from comment #4) > I do not like to patch my driver (and add complexity) to support readers > that do not follow CCID. What sort of reasoning is this? The only alternative to get the reader in question working would be to use the manufacturer's proprietary binary-only driver, which is not an acceptable solution. I don't understand why you want to suppress a free alternative when a simple patch (adding some 40 lines to the code) is readily available. Reopening, since "OMNIKEY AG CardMan 3121" is listed in supported_readers.txt.
Please note that I've already addressed your concerns about the "quirks lookup" in http://article.gmane.org/gmane.comp.lib.muscle/7763 and replaced it with conditions as suggested. What else needs to be done to get this accepted upstream?
(In reply to Ulrich Müller from comment #7) > Please note that I've already addressed your concerns about the "quirks > lookup" in http://article.gmane.org/gmane.comp.lib.muscle/7763 and replaced > it with conditions as suggested. > > What else needs to be done to get this accepted upstream? Please discuss this upstream, so other relevant people may join the discussion. Downstream bugzilla is not the place for this.
Discussion for patch inclusion should go to upstream. When it merged into upstream, please reopen. Thanks!
(In reply to Alon Bar-Lev from comment #9) > Discussion for patch inclusion should go to upstream. When it merged into > upstream, please reopen. Well, a patch against the latest version is attached and upstream is in CC. Not much more that I could do.