Card not found error

maxxware · January 12, 2018, 1:56pm

Hi forum,

I have a strange issue> After switching from XFCE to Gnome (Fedora 27) on my laptop I can no longer access the GPG keys on my Nitrokey Storage 32GB.

The USB part of the Nitrokey work fine, but when I want to access my GPG keys I see an error. Below is the output of the comand ‘gpg --card-status’:
gpg: detected reader Alcor Micro AU9560 00 00' gpg: detected reader Nitrokey Nitrokey Storage (0000000000000) 01 00’
gpg: apdu_send_simple(0) failed: no card
Please insert the card and hit return or enter ‘c’ to cancel:

I’ve tried to remove and insert the Nitrokey and reboot the system, but the problem remains. Any idea what might be worng?

Update: I’ve installed pcsc_scan and ran it. The output is:
pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
Compiled with PC/SC lite version: 1.8.22
Using reader plug’n play mechanism
Scanning present readers…
0: Alcor Micro AU9560 00 00
1: Nitrokey Nitrokey Storage (0000000000000) 02 00

Fri Jan 12 16:41:01 2018
Reader 0: Alcor Micro AU9560 00 00
Card state: Card removed,
Reader 1: Nitrokey Nitrokey Storage (0000000000000) 02 00
Card state: Card inserted,
ATR: 00 40 18 D2 76 00 01 24 01 02 00 05 00 00 5E 96 00 00 90 00 8C

ATR: 00 40 18 D2 76 00 01 24 01 02 00 05 00 00 5E 96 00 00 90 00 8C

TS = 00 → UNDEFINED
T0 = 40, Y(1): 0100, K: 0 (historical bytes)
TC(1) = 18 → Extra guard time: 24
Historical bytes: D2 76 00 01 24 01 02 00 05 00 00 5E 96 00 00 90 00 8C
ERROR! ATR is too long: 18 extra byte(s). Truncating.
Your card is not a microprocessor card. It seems to be memory card.

I also checked the journal, output below:
Jan 12 16:34:18 arawn systemd[1]: Started PC/SC Smart Card Daemon.
Jan 12 16:34:21 arawn pcscd[1807]: 00000000 ccid_usb.c:1256:ControlUSB() control failed (3/3): -7 LIBUSB_ERROR_TIMEOUT
Jan 12 16:34:23 arawn pcscd[1807]: 02045958 auth.c:137:IsClientAuthorized() Process 1785 (user: 42) is NOT authorized for action: access_pcsc
Jan 12 16:34:23 arawn pcscd[1807]: 00000096 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
Jan 12 16:39:58 arawn pcscd[1807]: 99999999 ccid_usb.c:888:ReadUSB() read failed (3/8): -1 LIBUSB_ERROR_IO
Jan 12 16:39:58 arawn pcscd[1807]: 00000244 ifdhandler.c:1225:IFDHPowerICC() PowerUp failed
Jan 12 16:39:58 arawn pcscd[1807]: 00000019 eventhandler.c:303:EHStatusHandlerThread() Error powering up card: 2148532246 0x80100016
Jan 12 16:39:58 arawn pcscd[1807]: 00074850 ccid_usb.c:849:WriteUSB() write failed (3/8): -4 LIBUSB_ERROR_NO_DEVICE
Jan 12 16:39:58 arawn pcscd[1807]: 00000023 ifdwrapper.c:364:IFDStatusICC() Card not transacted: 617
Jan 12 16:39:58 arawn pcscd[1807]: 00000833 ifdhandler.c:151:CreateChannelByNameOrChannel() failed
Jan 12 16:39:58 arawn pcscd[1807]: 00000012 readerfactory.c:1105:RFInitializeReader() Open Port 0x200002 Failed (usb:20a0/4109:libudev:2:/dev/bus/usb/003/008)
Jan 12 16:39:58 arawn pcscd[1807]: 00000003 readerfactory.c:376:RFAddReader() Nitrokey Nitrokey Storage (0000000000000) init failed.
Jan 12 16:39:58 arawn pcscd[1807]: 00363411 winscard.c:264:SCardConnect() Reader Nitrokey Nitrokey Storage (0000000000000) 01 00 Not Found
Jan 12 16:39:59 arawn pcscd[1807]: 00636025 eventhandler.c:334:EHStatusHandlerThread() Error communicating to: Nitrokey Nitrokey Storage (0000000000000) 01 00
Jan 12 16:39:59 arawn pcscd[1807]: 00000124 ccid_usb.c:1312:InterruptRead() libusb_submit_transfer failed: LIBUSB_ERROR_NO_DEVICE
Jan 12 16:39:59 arawn pcscd[1807]: 00400181 ccid_usb.c:849:WriteUSB() write failed (3/8): -4 LIBUSB_ERROR_NO_DEVICE
Jan 12 16:40:26 arawn pcscd[1807]: 27378671 ifdhandler.c:151:CreateChannelByNameOrChannel() failed
Jan 12 16:40:26 arawn pcscd[1807]: 00000013 readerfactory.c:1105:RFInitializeReader() Open Port 0x200002 Failed (usb:20a0/4109:libudev:0:/dev/bus/usb/003/010)
Jan 12 16:40:26 arawn pcscd[1807]: 00000003 readerfactory.c:376:RFAddReader() Nitrokey Nitrokey Storage (0000000000000) init failed.
Jan 12 16:40:37 arawn pcscd[1807]: 10770046 ifdhandler.c:151:CreateChannelByNameOrChannel() failed
Jan 12 16:40:37 arawn pcscd[1807]: 00000122 readerfactory.c:1105:RFInitializeReader() Open Port 0x200003 Failed (usb:20a0/4109:libudev:2:/dev/bus/usb/003/010)
Jan 12 16:40:37 arawn pcscd[1807]: 00000026 readerfactory.c:376:RFAddReader() Nitrokey Nitrokey Storage (0000000000000) init failed.
Jan 12 16:40:57 arawn pcscd[1807]: 19695785 ccid_usb.c:849:WriteUSB() write failed (3/9): -4 LIBUSB_ERROR_NO_DEVICE

And finally, I also get the error with the Nitrokey removed from the system:
$ gpg --card-status
gpg: detected reader `Alcor Micro AU9560 00 00’
gpg: apdu_send_simple(0) failed: no card
Please insert the card and hit return or enter ‘c’ to cancel:

So, it’s not specifically related to the Nitrokey, but my system cannot access the card on the Nitrokey.

Thanks in advance,
Max

szszszsz · January 15, 2018, 7:46am

Hi!
My guess is you have some SELinux or similar software installed, which blocks access. Try listing card details under root - that should make a clue.

maxxware · January 15, 2018, 8:25am

Hi,

Thanks for replying. SELinux is set to permissive on this laptop and as root I also get the ‘card not available’ error. No luck yet in finding any other cause for this issue.

Max

szszszsz · January 15, 2018, 9:32am

Ah, I missed one thing. You have not changed the OSes, but just a WM (window manager). Since it is GNOME, then perhaps gnome-keyring has something to do with it. Could you:

switch back to XFCE for a minute and retest (if you still have it that is),
disable GUI (e.g. with init 3) and retest (this should close all GNOME apps and services)? Perhaps even going to init 1 might be needed.

I do not use Fedora/GNOME (yet), hence these are rather blind shots.

szszszsz · January 15, 2018, 12:15pm

You might check as well are UDEV rules in place. They should be while installing Nitrokey App from the package. If not, please download them and copy to your UDEV rules directory.

I think this might show up as well when it is already used by another process (like perhaps mentioned gnome-keyring).

nitroalex · January 15, 2018, 2:11pm

Hi,

is it possible that the second card reader (Alcor Micro AU9560 00 00) is just making trouble? Maybe switching the DE is just coincidence?
Is it possible to remove it (e.g. by disabling in BIOS or unplug, if easily possible)? Just to make sure…

Kind regards
Alex

maxxware · January 15, 2018, 4:22pm

Thanks for your ideas.

I’ve tested with and without udev rules, no luck. And stropping gnome-keyring also didn’t help.

maxxware · January 15, 2018, 4:25pm

I already thought of that. Unfortunately, I can’t disable this devie in BIOS or remove it (it’s built-in into the laptop).

nitroalex · January 15, 2018, 4:47pm

And did you tried the old DE again? (xfce?)

maxxware · January 15, 2018, 5:15pm

Yes, but I think that the installation of Gnome has changed somethin, because now the card isn’t working anymore in XXFCE either…

szszszsz · January 16, 2018, 12:48pm

@maxxware I am sorry but I have run out of ideas at the moment. In case I would got any I will get back to you.
Perhaps people from Fedora or Gnome forums/email lists might know what is going on and could reply in the meantime.

maxxware · January 16, 2018, 1:07pm

No problem, I’m happy with all input. Thanks for your help.

maxxware · January 23, 2018, 1:06pm

It seems like I’m on to something… After disabling the pcscd service I could get the card status via gpg --card-status. I’m just not sutre whether I need the pcscd service for other stuff, or can I just switch it off?

szszszsz · January 23, 2018, 1:55pm

Ah, the pcscd. Indeed, it blocks the usage of gpg for me too on everyday use and I just learned the routine of killing it when GnuPG reports connection issues.

Some applications might need it to access the smartcard. While scdaemon seems to be only for GnuPG, pcscd seems to be used in general by applications for smartcard communication. Python applications could use it by pyscard library. Perhaps Firefox/Chrome could use it too.
Here is the project page: http://pcsclite.alioth.debian.org/pcsclite.html.
My guess is GNOME is using it to access the smartcard and add its keys to keyring.

I have focused on pcscd errors from yours log and missed that these too might conflict. Both wants to use the smartcard exclusively by design.

nitroalex · January 29, 2018, 10:19am

You need pcsc for OpenSC functions as well.

If you are using everything with help of GnuPG you won’t miss it in most cases, as far I can see. I have it disabled most of the time because of the problems you described. Another approach is seen on the Arch Linux wiki (basically suggesting to use the pcsc driver every time to prevent the blocking of the smartcard). I haven’t tested it so far and I am not aware of possible side effects yet…