Hi all,
Here’s my TL;DR version of how to get the Nitrokey Pro working under RHEL7/CentOS 7.
- Install gnupg2-smime, pcsc-lite, pcsc-lite-ccid and libqtxdg-qt5
sudo yum install gnupg2-smime pcsc-lite pcsc-lite-ccid libqtxdg-qt5
- Edit /lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist and add the lines as described at nitrokey.com/documentation/ … o&os:linux
- Download the nitrokey-app RPM and (unfortunately) force-install it
sudo rpm -ivh --force nitrokey-app-0.2-Linux.rpm
- Either reload udev rules or restart machine.
sudo udevadm control --reload
- Start the Nitrokey App either from the command line or (I use GNOME3) from the Accessories menu
Done. Your Nitrokey Pro should now show up and the app should be able to configure it.
NOTE: When you do
sudo gpg --card-status
you might get a “Card not present” error message the first time. Just repeat the command again and all should be fine.
GNOME users (like me): open gnome-session-properties and disable gpg-agent and ssh-agent. This change will allow you user access to the card with gpg. So no sudo needed.
Now to use your Nitrokey for ssh logins on remote machines, use these steps:
- Create ~/.gnupg/gpg-agent.conf and add the following line to it:
enable-ssh-support
- Create or edit your ~/.bashrc and add these lines:
envfile="$HOME/.gnupg/gpg-agent.env"
# Reuse a running agent if the recorded PID is still alive, otherwise start one
if [[ -e "$envfile" ]] && kill -0 $(grep SSH_AGENT_PID "$envfile" | cut -d= -f 2) 2>/dev/null; then
    eval "$(cat "$envfile")"
else
    eval "$(gpg-agent --daemon --write-env-file "$envfile")"
fi
export SSH_AUTH_SOCK
- Open a new terminal (or logout and login to your session) and check with
$ ssh-add -l
that your card is recognized and the public key is available. With
$ ssh-add -L
you get the public key that you can add to the .ssh/authorized_keys file on your target machines.
Hope this helps.
Disclaimer: I work at Red Hat and will now try to get the ccid rules in our repos and will look for someone to help me get the nitrokey app in either EPEL or other RPM repos.
Jan Wildeboer
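
A stricter loader for the ~/.bashrc step above, as an added example that is not part of the original post: instead of passing gpg-agent.env to eval, it checks the file's ownership and permissions and exports only the three expected variables. The function name load_agent_env is hypothetical, and the plain NAME=value file layout is an assumption about what gpg-agent --write-env-file writes.

```shell
# Added example (not from the original post). Assumption: gpg-agent.env holds
# plain NAME=value lines, one per line, as written by --write-env-file.
# Returns 0 on success, 1 for an untrusted file, 2 for unexpected content.
load_agent_env() {
    envfile=$1
    # Must be a regular file (not a symlink) owned by the current user.
    [ -f "$envfile" ] && [ ! -L "$envfile" ] || return 1
    [ -n "$(find "$envfile" -prune -user "$(id -u)")" ] || return 1
    # Reject group- or world-writable files: another account could edit them.
    [ -z "$(find "$envfile" -prune \( -perm -020 -o -perm -002 \))" ] || return 1

    # First pass: validate every line before touching the environment.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') continue ;;
            GPG_AGENT_INFO=*|SSH_AUTH_SOCK=*|SSH_AGENT_PID=*) ;;
            *) return 2 ;;   # any other variable name is refused
        esac
        value=${line#*=}
        # Only characters that occur in socket paths and PIDs are allowed.
        case $value in
            ''|*[!A-Za-z0-9_./:-]*) return 2 ;;
        esac
    done < "$envfile"

    # Second pass: export the literal text; nothing is evaluated.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        export "${line%%=*}=${line#*=}"
    done < "$envfile"
    return 0
}
```

In ~/.bashrc the call `load_agent_env "$envfile"` would take the place of `eval "$(cat "$envfile")"`.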