Cardman 4000 & Ubuntu Oneiric

[^rooker]

We've found an ancient PCMCIA smartcard reader in the depths of Das-Werkstatt...
and now I'd like to use it!

I've found a nice HowTo by a user named "fl0rian", titled: "Cardman 4000 with GnuPG".

I've installed pcscd, pcsc-tools and openct - and configured openct according to the above howto.

The reader shows up in "lspcmcia":

Socket 0 Bridge: [yenta_cardbus] (bus ID: 0000:04:00.0)
Socket 0 Device 0: [cm4000_cs] (bus ID: 0.0)

...but "pcsc_list" and "gpg" seem to still have problems talking to it:

Code: Select all

$ pcsc_scan

returns:

PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
Waiting for the first reader...

And it stays like this forever, adding a line like this every second or so to "dmesg" output:

[ 1919.980022] cm4000_cs 0.0: cm4000_cs:

GPG's also not happy:

Code: Select all

$ gpg --card-status 

returns:

gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: card reader not available
gpg: OpenPGP card not available: general error

Tricky...

[^rooker]

Same hardware, same OS (and version), but it works now!

It seems that pcscd was not running. Calling it's init script:

Code: Select all

/etc/init.d/pcscd start

Didn't spawn a pcscd process

Running "pcsc_scan", does spawn a pcscd process.
Running "ps aux |grep pcs" shows:

pcscd --auto-exit

Unfortunately, that pcscd instance stays, even when quitting pcsc_scan, and it doesn't seem to actually be doing anything.

When starting pcscd in foreground (instead of daemon) "pcscd -f", the reader and the smartcard are detected, and even gpg is happy now:

gpg: detected reader `OpenCT 00 00'

Now there are some open questions for me:
1) Why is there an "exit 0" in /etc/init.d/pcscd, which prevents its code from ever being executed?
2) Why does it work with pcscd in foreground mode, but not as daemon?

[^rooker]

I think I figured it out! (Partially...)

It's an access rights problem.
Post #4 in the bug-report #690092 on Launchpad (beautiful bug-number, isn't it?) about "pcscd is not executed during startup" explains that it's intended that pcscd is started now by application that need it - and is stopped after they exit.

Quoting user "momcilo":

Once you close the context, the pcscd dies after some time.
This in turn causes pcscd to initiate driver without privileges to access usb device, and therefore no device appears.

The resolution is either to patch the /etc/pcscd (remove exit 0) or to adjust the permission for each possible device.

Here's a link to "pcscd auto start" article by pcscd's developer Ludociv Rousseau, for additional/official information.

[SOLUTION]
I always started "pcsc_scan" with my user privileges.
Running it as root, immediately shows the reader and the card:

Code: Select all

sudo pcsc_scan

Returns:

PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: OpenCT 00 00

Wed Nov 7 22:19:06 2012
Reader 0: OpenCT 00 00
Card state: Card inserted,
ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
+ TS = 3B --> Direct Convention
+ T0 = FA, Y(1): 1111, K: 10 (historical bytes)
TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = FF --> Extra guard time: 255 (special value)
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
-----
TA(3) = 80 --> IFSC: 128
TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 00 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: C1
- Application selection: by full DF name
- Application selection: by partial DF name
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card without MF
Tag: 7, len: 3 (card capabilities)
Selection methods: C0
- DF selection by full DF name
- DF selection by partial DF name
Data coding byte: 01
- Behaviour of write functions: one-time write
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 00
- Logical channel number assignment: No logical channel
- Maximum number of logical channels: 1
Mandatory status indicator (3 last bytes)
LCS (life card cycle): 00 (No information given)
SW: 9000 (Normal processing.)
+ TCK = B1 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
OpenPGP

As momcilo said:
You can either adjust the device access rights or remove the "exit 0" in /etc/init.d/pcscd.

[^rooker]

Found a strange trick:
1) Run pcsc_scan as root:

Code: Select all

sudo pcsc_scan

2) Exit it with Ctrl+C.

3) Run pcsc_scan (or other smartcard tool) as regular user.


What happens is, that "pcscd --auto-exit" doesn't exit, but runs with root-rights.
Now, if you run a program that requires access to the card/reader over pcscd, access-rights are handled.