GnuPG: Enable support for smartcards via internal CCID driver
It is useful for personal machines to enable the internal CCID driver as part of GnuPG, as well as scdaemon, and libusb support. This will allow GnuPG to use smartcards out-of-the-box (e.g. Yubikey devices, cards corresponding to the OpenPGP card specification, etc), and typically requires considerably less configuration than PCSC-lite and its external CCID driver.
The build-time options should be as follows:
- Build scdaemon: --enable-scdaemon
- Enable GnuPG’s internal CCID driver: --enable-ccid-driver
Additional dependencies: libusb. There will be a build-time dependency on the libusb-dev package too. The libusb dependency is not small, but in comparison to the entire GnuPG 2.x suite, it’s not a significant increase, however. It may make sense to split the GnuPG package up as Debian do, but this would probably incur additional workload and may not make sense given that some of the components of GnuPG 2.x are not widely used (other than a few libraries) outside of GnuPG 2.x itself.
Some caveats: In order to use this as a regular user, a given user must have permissions to the USB device. A given user can do this via udev rules (Debian provide a very comprehensive set of udev rules, which are part of their separate scdaemon package: e.g. https://packages.debian.org/stretch/amd64/scdaemon/filelist), or in the case of Gentoo, just create a group called “usb” which provides any given member access to USB devices. The latter solution will probably work in all cases, but it is not clear how safe it is to do this; it may depend on the use-case, so the former probably makes sense.
(from redmine: issue id 8621, created on 2018-03-07, closed on 2018-06-01)
- Changesets:
- Revision 25365ec0 on 2018-05-30T14:21:20Z:
main/gnupg: Enabled smartcard support as subpkg
- Added gnupg-scdaemon as subpackage
- Enabled internal CCID driver (support for Gnuk, NitroKey, YubiKey, ...)
- Added 60-scdaemon.rules udev rules to provide access to group gnupg
- Added pre-install for subpackage to create group gnupg
Fixes #8621
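
The trade-off raised in the caveats, blanket USB access through a "usb" group versus targeted udev rules, looks like this as a rules file. This is an added example, not the contents of the 60-scdaemon.rules file from the changeset; the group name gnupg is taken from the changeset, and the vendor/product ids are placeholders.

```udev
# Added example: illustrative rules, not the project's 60-scdaemon.rules.

# Broad approach (the "usb" group described in the issue): every USB device
# node becomes read/write for group members, including storage and input
# devices. Left commented out; shown only for comparison.
# SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GROUP="usb", MODE="0660"

# Narrow approach: only devices that expose a CCID interface
# (USB interface class 0x0b, smart card) are handed to group gnupg.
# ID_USB_INTERFACES is populated by udev's usb_id builtin in the default
# rules, so this file has to sort after 50-udev-default.rules
# (a 60- prefix does).
ACTION=="add|change", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
  ENV{ID_USB_INTERFACES}=="*:0b0000:*", GROUP="gnupg", MODE="0660"

# Narrowest approach: a single token model, matched by vendor and product id.
# VVVV and PPPP are placeholders; take the real values from lsusb output.
# ACTION=="add|change", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#   ATTR{idVendor}=="VVVV", ATTR{idProduct}=="PPPP", GROUP="gnupg", MODE="0660"
```

After installing the file, `udevadm control --reload` followed by re-plugging the token applies it; the owning group of the node under /dev/bus/usb shows whether the rule matched.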