Feature #8621

GnuPG: Enable support for smartcards via internal CCID driver

Added by Anonymous over 1 year ago. Updated about 1 year ago.

Package update
Target version:
Start date:
Due date:
% Done:


Estimated time:


It is useful for personal machines to enable the internal CCID driver as part of GnuPG, as well as scdaemon, and libusb support. This will allow GnuPG to use smartcards out-of-the-box (e.g. Yubikey devices, cards corresponding to the OpenPGP card specification, etc), and typically requires considerably less configuration than PCSC-lite and its external CCID driver.

The build-time options should be as follows:
- Build scdaemon: --enable-scdaemon
- Enable GnuPG's internal CCID driver: --enable-ccid-driver

Additional dependencies: libusb. There will be a build-time dependency on the libusb-dev package too. The libusb dependency is not small, but in comparison to the entire GnuPG 2.x suite, it's not a significant increase, however. It may make sense to split the GnuPG package up as Debian do, but this would probably incur additional workload and may not make sense given that some of the components of GnuPG 2.x are not widely used (other than a few libraries) outside of GnuPG 2.x itself.

Some caveats: In order to use this as a regular user, a given user must have permissions to the USB device. A given user can do this via udev rules (Debian provide a very comprehensive set of udev rules, which are part of their separate scdaemon package: e.g., or in the case of Gentoo, just create a group called "usb" which provides any given member access to USB devices. The latter solution will probably work in all cases, but it is not clear how safe it is to do this; it may depend on the use-case, so the former probably makes sense.

Associated revisions

Revision 25365ec0 (diff)
Added by Marian Buschsieweke about 1 year ago

main/gnupg: Enabled smartcard support as subpkg

- Added gnupg-scdaemon as subpackage
- Enabled internal CCID driver (support for Gnuk, NitroKey, YubiKey, ...)
- Added 60-scdaemon.rules udev rules to provide access to group gnupg
- Added pre-install for subpackage to create group gnupg

Fixes #8621


#1 Updated by Anonymous about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Leonardo Arena about 1 year ago

  • Status changed from Resolved to New
  • % Done changed from 100 to 0

#3 Updated by Leonardo Arena about 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Disabled the tests for now: cb306003c5037472eaf2ddcb8caaad269d759d43

Also available in: Atom PDF