# OpenPGP Smartcard working with PGP/enigmail/ssh

## rootusr

I bought one of the GnuPG SmartCards for PGP/SSH use and had one hell of a time getting it to work.

First, I had 2 card readers that weren't supported, then, the support for gpg-agent in gentoo isn't so hot right now.

To start off, you need the following packages installed

```

sys-apps/pcsc-lite-1.6.6  USE="usb" 0 kB

app-crypt/ccid-1.4.1-r2 [1.4.1-r1] USE="usb -twinserial" 3 kB

app-crypt/gnupg-2.0.16-r2  USE="bzip2 ldap nls pcsc-lite smartcard -adns -caps -doc -openct (-selinux) -static" 0 kB

```

Then, do not set pcsc-lite to start at system startup (it screws with GPG).

copy /lib/udev/rules.d/99-pcscd-hotplug.rules to /etc/udev/rules.d

add the file /etc/X11/xinit/xinitrc.d/40-gpg-agent with the following contents

```
gpgagent="`which gpg-agent 2>/dev/null`"

if [ -n "$gpgagent" ] && [ -x "$gpgagent" ] && [ -z "$GPG_AGENT_INFO" ]; then

   echo "Starting gpg-agent"

   command="$gpgagent --daemon $command"

```

and that lets gpg-agent take over ssh stuff.

finally, my ~/.gnupg/gpg-agent.conf file looks like this

```

pinentry-program /usr/bin/pinentry-gtk-2

default-cache-ttl 900

enable-ssh-support

write-env-file

```

----------

## paulbiz

Sorry to bump this old thread... I'm trying to do the same thing. So far I can make it work with GPG, or Enigmail, but not both, and it never works with GNU Privacy Assistant... wonder if you learned any new tricks in the past year  :Smile:  Thanks.

Update: got it working now... followed above instructions, except delete 99-pcscd-hotplug.rules from my udev rules.d and ensure pcscd is not running. GnuPG 2.0.18 has built-in support for my cardreader now. After that, biggest confusion came from multiple instances of gpg-agent. Ensure there is only one (the new one  :Smile: ) and then it works from commandline, enigmail and GPA.

----------

