Error while following Linux Login with PAM: ERR 100663414 Ungültige ID <SCD>

During the installation of POLDI I entered the command:

sudo sh -c ‘gpg-connect-agent “/datafile /etc/poldi/localdb/keys/D00600012401020000000000xxxxxxxx” “SCD READKEY --advanced OPENPGP.3” /bye’

like described in:

https://www.nitrokey.com/de/documentation/applications#p:nitrokey-storage&os:linux&a:computer-login

and I got the following error:

ERR 100663414 Ungültige ID <SCD>

What could I do to fix that?

I’m looking forward to your response and thank you for your time and help!

Hi,

did you put in the exact line? Because you have to change the ‘xxxxxx’ with the numbers of your actual Application ID.

(you get it from “gpg --card-status | grep Application”)

Kind regards
Alex

yeah, I changed the application ID to the value given by

gpg --card-status | grep Application

to the value of mine.

Okay,

some things that can go wrong:

  • I guess you have keys on your Nitrokey? Especially a subkey for authentication is needed :wink:
  • For some systems (e.g. Arch Linux) it is necessary to:
    +create folder /etc/poldi/localdb/users and /etc/poldi/localdb/keys folder
    +touch keyfile in /etc/poldi/localdb/keys with ‘sudo touch /etc/poldi/localdb/keys/D2760001240xxxxxxx’
  • It is always a good idea to try unplugging the device and ‘pkill gpg-agent’ (maybe ‘sudo pkill gpg-agent’ as we are invoking it via sudo in the commands of the instruction)

Please let me know if any of these helped.

Kind regards
Alex

Maybe it has something to do with your GnuPG version (http://gnupg.10057.n7.nabble.com/Poldi-example-usage-of-gpg-connect-agent-fails-td53233.html). What GnuPG version are you using right now (gpg --version)? What system are you using?

A subkey for authentication is available on the key.
All files and folders exist already.

pkill gives me two types of responses:

  1. gpg-connect-agent: Kein aktiver gpg-agent - `/usr/bin/gpg-agent' wird gestartet
     gpg-connect-agent: Warte bis der gpg-agent bereit ist … (5s)
     gpg-connect-agent: Verbindung zum gpg-agent aufgebaut
     ERR 100663414 Ungültige ID

Seems to be the same error (together with the startup routine of gpg-connect-agent).

  2. gpg-connect-agent: Kein aktiver gpg-agent - `/usr/bin/gpg-agent' wird gestartet
     gpg-connect-agent: Warte bis der gpg-agent bereit ist … (5s)
     gpg-connect-agent: Verbindung zum gpg-agent aufgebaut
     ^C

Here it seems to be stuck in an endless way (red lamp of key is on, after a few minutes still not finished).

My system is Ubuntu 16.04.3 LTS.

GPG version is 1.4.20.

edit: when the loop error appears, the lamp of the nitrokey is on for a few minutes, then off for a few minutes.
Also a third error happened like:

  3. gpg-connect-agent: Kein aktiver gpg-agent - `/usr/bin/gpg-agent' wird gestartet
     gpg-connect-agent: Warte bis der gpg-agent bereit ist … (5s)
     gpg-connect-agent: Verbindung zum gpg-agent aufgebaut
     ERR 100663404 Kartenfehler

As far as I remember you have to install gnupg2 manually on Ubuntu 16.04? Maybe give it a try. Chances are high that you need a way more recent GnuPG version.

And if a reading operation is stuck, I mostly just plug off the key and kill gpg-agent. But my keys are mostly for testing purposes anyway :thinking:

One problem with the instructions for poldi on the website is the fact that we have to invoke the commands as root to write the output to /etc/. Therefore there may be two instances of gpg-agent working concurrently, which is not the best thing to do.

You can either use ‘sudo pkill gpg-agent’ and ‘pkill gpg-agent’ to make sure the agents got killed (a reboot will do the job for sure :wink:) and/or you can split up the oneliner so that no second instance is started:

gpg-connect-agent “SCD READKEY --advanced OPENPGP.3” /bye

-> paste the output manually in the file /etc/poldi/localdb/keys/YourApplicationID
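The split approach above, as an added example (not code from the thread, Nitrokey or Poldi): shell helpers that take the Application ID from gpg --card-status, run the READKEY step as the normal user so no second gpg-agent is started as root, refuse to write a key file from output that contains an ERR line, and only use sudo for the file write. The Application ID line format, the "D " data-line prefix of gpg-connect-agent and the sample outputs are assumptions made here.

```shell
#!/bin/sh
# Added example for this thread; not code from Nitrokey, Poldi or GnuPG.
# Assumed: the "Application ID ...:" line of `gpg --card-status`, and the
# "D <data>" / "OK" / "ERR <code> <text>" lines gpg-connect-agent prints.
# All quotes below are plain ASCII; curly quotes copied from a web page are not
# shell quotes and the words would reach the agent as separate commands.

# Pull the Application ID out of `gpg --card-status` output read from stdin.
card_app_id() {
  sed -n 's/^Application ID[ .]*: *\([0-9A-Fa-f]\{32\}\).*/\1/p' | head -n 1
}

# An OpenPGP card AID is 32 hex digits and starts with D27600012401; the
# D00600012401...xxxxxxxx placeholder from the instructions must not pass.
valid_app_id() {
  printf '%s' "$1" | grep -Eq '^D27600012401[0-9A-Fa-f]{20}$'
}

# Keep only the data lines (what "/datafile" would have written to the key
# file) and refuse output that carries an ERR line, so a failed READKEY such as
# "ERR 100663414 Ungültige ID" never ends up in /etc/poldi/localdb/keys/.
readkey_data() {
  if printf '%s\n' "$1" | grep -q '^ERR '; then
    return 1
  fi
  printf '%s\n' "$1" | sed -n 's/^D //p'
}

# The instruction's step without `sudo sh -c`: gpg-connect-agent talks to the
# user's own gpg-agent (no second agent started as root), and only the file
# write needs sudo.
install_poldi_key() {
  id=$(gpg --card-status | card_app_id)
  valid_app_id "$id" || { echo "no valid Application ID on the card" >&2; return 1; }
  data=$(readkey_data "$(gpg-connect-agent 'SCD READKEY --advanced OPENPGP.3' /bye)") \
    || { echo "SCD READKEY failed; check scdaemon and the card" >&2; return 1; }
  printf '%s\n' "$data" | sudo tee "/etc/poldi/localdb/keys/$id" >/dev/null
}

# Constructed sample output for trying the helpers without a card.
SAMPLE_CARD_STATUS='Reader ...........: Nitrokey Nitrokey Storage
Application ID ...: D2760001240102010005000000AB0000'
SAMPLE_READKEY_FAIL='gpg-connect-agent: Verbindung zum gpg-agent aufgebaut
ERR 100663414 Ungültige ID <SCD>'
SAMPLE_READKEY_OK='D (public-key
D  (rsa
D   (n #00C0FFEE#)
D   (e #010001#)))
OK'
```

Call install_poldi_key with the Nitrokey plugged in; the sample variables only exercise the helpers offline.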

I’ve installed gnupg2 now. Do I need to rewrite the commands to pass through gpg2 or do I need to remove gpg (v1) now?

using “gpg-connect-agent “SCD READKEY --advanced OPENPGP.3” /bye” gives me

@Tux:/etc$ gpg-connect-agent “SCD READKEY --advanced OPENPGP.3” /bye
gpg-connect-agent: Hinweis: `--advanced' wird nicht als Option betrachtet
gpg-connect-agent: Kein aktiver gpg-agent - `/usr/bin/gpg-agent' wird gestartet
gpg-connect-agent: Warte bis der gpg-agent bereit ist … (5s)
gpg-connect-agent: Verbindung zum gpg-agent aufgebaut
ERR 67109139 Unbekanntes IPC Kommando
ERR 67109144 IPC Parameterfehler - invalid length of keygrip
ERR 67109139 Unbekanntes IPC Kommando
ERR 67109139 Unbekanntes IPC Kommando

Hi,

okay I tested it myself with Ubuntu today. You are totally right, it is not working the way it should. I don’t know if it is the Ubuntu maintained version or just older GnuPG versions. Anyway, you should be able to use

poldi-ctrl -k

to get the key. Please save the output in the file /etc/poldi/localdb/keys/YourID

Note: poldi-ctrl is part of the package libpam-poldi which you have to install (apt install libpam-poldi). Unfortunately the option “-k” was deleted in the Debian package and probably on other distributions as well. One is supposed to use the gpg-connect-agent command we documented in our instructions instead, but apparently this isn’t working everywhere. This is a pity as this should be the universally usable option :frowning:

Thanks for your feedback, I’ll update the instructions on our website.

Kind regards
Alex

Thank you for your work and help. I’m really happy if I could help updating the tutorial. Now it worked for me.

There was another step I had to take before it worked. Only entering

poldi-ctrl -k > ;

gave me the following error:

can't connect server: ERR 7 can't exec `/usr/bin/scdaemon': Datei oder Verzeichnis nicht gefunden
poldi-ctrl: error: could not connect to any scdaemon: Ungültiges Paket
poldi-ctrl: error: failed to connect to scdaemon: Ungültiges Paket

I fixed this by copying the scdaemon (that was placed on another location) to the expected location:

sudo cp /usr/lib/gnupg2/scdaemon /usr/bin/scdaemon

Now the above command worked.

After that I removed the scdaemon again by doing sudo rm /usr/bin/scdaemon.

Thank you very much for your great help and support, @nitroalex !!!
