# [SOLVED] Smartcard only works as root?

## fklama

I've recently bought a YubiKey4, and while getting the FIDO U2F and OATH-SHA1 to work wasn't trivial (some udev hacking needed), it now works well.

However, I'd also like to use the OpenPGP SmartCard feature. While running 'gpg --card-status' as root outputs info about the key, running it as my regular user just gets me "gpg: OpenPGP card not available: Not supported".

/var/log/messages on card insertion:

```
Mar  8 11:25:44 XMG kernel: usb 3-2: new full-speed USB device number 61 using xhci_hcd
Mar  8 11:25:44 XMG kernel: usb 3-2: New USB device found, idVendor=1050, idProduct=0407
Mar  8 11:25:44 XMG kernel: usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Mar  8 11:25:44 XMG kernel: usb 3-2: Product: Yubikey 4 OTP+U2F+CCID
Mar  8 11:25:44 XMG kernel: usb 3-2: Manufacturer: Yubico
Mar  8 11:25:44 XMG kernel: usb 3-2: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
Mar  8 11:25:44 XMG kernel: input: Yubico Yubikey 4 OTP+U2F+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-2/3-2:1.0/0003:1050:0407.04DF/input/input1249
Mar  8 11:25:44 XMG kernel: hid-generic 0003:1050:0407.04DF: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:14.0-2/input0
Mar  8 11:25:44 XMG kernel: hid-generic 0003:1050:0407.04E0: hiddev0,hidraw5: USB HID v1.10 Device [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:14.0-2/input1
```

/etc/udev/rules.d/70-u2f.rules content:

```
ACTION!="add|change", GOTO="u2f_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", GROUP="plugdev", MODE="0660"

LABEL="u2f_end"
```

/etc/udev/rules.d/gnupg.rules content:

```
ACTION!="add|change", GOTO="gpg_end"

# Yubico YubiKey
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="1050" , GROUP="plugdev", MODE="0660"

LABEL="gpg_end"
```

My user is a member of the group plugdev.

Any help in getting this to work is appreciated.

Edit: Made an error with the paths, they are udev rules, nothing to do with pam.

Last edited by fklama on Thu Mar 10, 2016 8:33 pm; edited 2 times in total

----------

## Tatsh

Have you tried newgrp or restarting your session?

----------

## fklama

Yes, I did. In fact, just to make sure, I've even rebooted my machine.

----------

## fklama

Is there some way that I can check which device gpg is trying to use?

To me this seems to be a problem with access rights, since I can easily access the card as root.

I assume that some more udev hacking is needed.

----------

## py-ro

Normally you don't need to change udev rules for the YubiKeys.

Are you in the "pcscd"  group?

----------

## fklama

@py-ro: Thanks for the suggestion, I was not. I am now, unfortunately this didn't change anything.

```
➜ ~ % su - fklama
Testing for gpg-agent
No Agent, starting...
GPG_AGENT_INFO=/tmp/gpg-KLchJU/S.gpg-agent:31531:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-D2CGeF/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=31531; export SSH_AGENT_PID;
➜ ~ % groups
wheel audio video games bumblebee pcscd openct plugdev scanner vlock fklama
➜ ~ % gpg --card-status
gpg: OpenPGP card not available: Not supported
```

----------

## py-ro

If you accessed the "card" as root, you need to replug it at least. Also make a new user session, su alone won't work well for "reasons".

----------

## fklama

@py-ro: I always replug my key whenever I try this. I've just tried a fresh login and still no luck.

I've just tried it on a Debian machine, as the user, it works there, without any problems.

This is really frustrating. I like Gentoo, and a recent problem I had with GFX drivers just ceasing to work with Debian has just shown me why I use Gentoo. But I wish these things would just work.

----------

## fklama

Solved it, I ran gpg --card-edit as root and found the device it was using, and found that I need to add my user to the usb group. Now it works.

It also seems I need to issue a:

```
gpg-connect-agent RELOADAGENT /bye
```

after reconnecting my YubiKey, or gpg won't recognize it again.

----------
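Added example (not part of the thread, and not code from any poster): a shell script for the question raised above of which device node is involved and who may open it. It maps a USB vendor ID to its `/dev/bus/usb` node through sysfs and evaluates a user's read-write access from the node's mode, owner and group; the function names, the `SYSFS`/`DEVROOT` overrides, the file name `usbperm.sh` and the use of GNU `stat` are assumptions of this example.

```shell
#!/bin/sh
# Added example. SYSFS and DEVROOT can be overridden to run against a constructed tree.
SYSFS=${SYSFS:-/sys/bus/usb/devices}
DEVROOT=${DEVROOT:-/dev/bus/usb}

# usb_nodes VENDOR: print the device node of every USB device with that idVendor.
usb_nodes() {
    for d in "$SYSFS"/*; do
        [ -r "$d/idVendor" ] || continue
        [ "$(cat "$d/idVendor")" = "$1" ] || continue
        printf '%s/%03d/%03d\n' "$DEVROOT" "$(cat "$d/busnum")" "$(cat "$d/devnum")"
    done
}

# can_rw MODE OWNER GROUP USER "GROUPS": succeed if USER may open the node
# read-write. MODE is octal (e.g. 660); GROUPS is the output of `id -Gn USER`.
# Classic permission bits only: POSIX ACLs on the node are not evaluated.
can_rw() {
    mode=$1; owner=$2; group=$3; user=$4; groups=$5
    [ "$user" = root ] && return 0
    if [ "$user" = "$owner" ]; then
        bits=$(( (0$mode >> 6) & 7 ))
    else
        case " $groups " in
            *" $group "*) bits=$(( (0$mode >> 3) & 7 )) ;;
            *)            bits=$(( 0$mode & 7 )) ;;
        esac
    fi
    [ $(( bits & 6 )) -eq 6 ]
}

# report VENDOR [USER]: one line per node with owner, group, mode and verdict.
report() {
    vendor=$1; who=${2:-$(id -un)}
    for n in $(usb_nodes "$vendor"); do
        [ -e "$n" ] || { echo "$n: no such node"; continue; }
        m=$(stat -c %a "$n"); o=$(stat -c %U "$n"); g=$(stat -c %G "$n")
        if can_rw "$m" "$o" "$g" "$who" "$(id -Gn "$who")"; then v=ok; else v=DENIED; fi
        echo "$n $o:$g $m -> $who: $v"
    done
}

# e.g. sh usbperm.sh 1050 fklama   (1050 is the idVendor from the log above)
if [ $# -gt 0 ]; then report "$@"; fi
```

A `DENIED` verdict names the group on the node, which is the group the user is missing or the one a udev rule has to assign.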

