1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-08 21:18:51 +01:00
gnupg/doc/scdaemon.texi

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

761 lines
23 KiB
Plaintext
Raw Normal View History

2006-06-20 19:47:10 +02:00
@c Copyright (C) 2002 Free Software Foundation, Inc.
2003-01-09 14:24:01 +01:00
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@include defs.inc
2003-01-09 14:24:01 +01:00
@node Invoking SCDAEMON
@chapter Invoking the SCDAEMON
@cindex SCDAEMON command options
@cindex command options
@cindex options, SCDAEMON command
2006-08-17 20:01:25 +02:00
@manpage scdaemon.1
@ifset manverb
.B scdaemon
2006-08-17 21:58:28 +02:00
\- Smartcard daemon for the GnuPG system
2006-08-17 20:01:25 +02:00
@end ifset
@mansect synopsis
@ifset manverb
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-server
2006-08-17 20:01:25 +02:00
.br
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-daemon
2006-08-17 20:01:25 +02:00
.RI [ command_line ]
@end ifset
@mansect description
The @command{scdaemon} is a daemon to manage smartcards. It is usually
2006-08-17 20:01:25 +02:00
invoked by @command{gpg-agent} and in general not used directly.
2003-01-09 14:24:01 +01:00
2006-08-17 20:01:25 +02:00
@manpause
@xref{Option Index}, for an index to @command{scdaemon}'s commands and
options.
@mancont
2003-01-09 14:24:01 +01:00
@menu
* Scdaemon Commands:: List of all commands.
* Scdaemon Options:: List of all options.
* Card applications:: Description of card applications.
* Scdaemon Configuration:: Configuration files.
2003-01-09 14:24:01 +01:00
* Scdaemon Examples:: Some usage examples.
* Scdaemon Protocol:: The protocol the daemon uses.
@end menu
2006-08-17 20:01:25 +02:00
@mansect commands
2003-01-09 14:24:01 +01:00
@node Scdaemon Commands
@section Commands
Commands are not distinguished from options except for the fact that
only one command is allowed.
2003-01-09 14:24:01 +01:00
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you cannot
2003-01-09 14:24:01 +01:00
abbreviate this command.
@item --help, -h
@opindex help
2009-07-22 15:33:46 +02:00
Print a usage message summarizing the most useful command-line options.
Note that you cannot abbreviate this command.
2003-01-09 14:24:01 +01:00
@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Note that you cannot
2003-01-09 14:24:01 +01:00
abbreviate this command.
@item --server
@opindex server
Run in server mode and wait for commands on the @code{stdin}. The
2003-01-09 14:24:01 +01:00
default mode is to create a socket and listen for commands there.
@item --multi-server
@opindex multi-server
Run in server mode and wait for commands on the @code{stdin} as well as
on an additional Unix Domain socket. The server command @code{GETINFO}
may be used to get the name of that extra socket.
2003-01-09 14:24:01 +01:00
@item --daemon
@opindex daemon
Run the program in the background. This option is required to prevent
2009-07-22 15:33:46 +02:00
it from being accidentally running in the background.
2003-01-09 14:24:01 +01:00
@end table
2006-08-17 20:01:25 +02:00
@mansect options
2003-01-09 14:24:01 +01:00
@node Scdaemon Options
@section Option Summary
@table @gnupgtabopt
@item --options @var{file}
@opindex options
Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named
@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly
below the home directory of the user.
2003-01-09 14:24:01 +01:00
@include opt-homedir.texi
2003-01-09 14:24:01 +01:00
@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @command{gpgsm}, such as @samp{-vv}.
2003-01-09 14:24:01 +01:00
2004-02-18 17:58:29 +01:00
@item --debug-level @var{level}
@opindex debug-level
2009-12-03 19:04:40 +01:00
Select the debug level for investigating problems. @var{level} may be
a numeric value or a keyword:
2004-02-18 17:58:29 +01:00
2006-08-17 20:01:25 +02:00
@table @code
@item none
2009-12-03 19:04:40 +01:00
No debugging at all. A value of less than 1 may be used instead of
the keyword.
@item basic
2009-12-03 19:04:40 +01:00
Some basic debug messages. A value between 1 and 2 may be used
instead of the keyword.
2006-08-17 20:01:25 +02:00
@item advanced
2009-12-03 19:04:40 +01:00
More verbose debug messages. A value between 3 and 5 may be used
instead of the keyword.
2006-08-17 20:01:25 +02:00
@item expert
2009-12-03 19:04:40 +01:00
Even more detailed messages. A value between 6 and 8 may be used
instead of the keyword.
2006-08-17 20:01:25 +02:00
@item guru
2009-12-03 19:04:40 +01:00
All of the debug messages you can get. A value greater than 8 may be
used instead of the keyword. The creation of hash tracing files is
only enabled if the keyword is used.
2006-08-17 20:01:25 +02:00
@end table
2004-02-18 17:58:29 +01:00
How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They are
2004-02-18 17:58:29 +01:00
however carefully selected to best aid in debugging.
@quotation Note
All debugging options are subject to change and thus should not be used
by any application program. As the name says, they are only used as
helpers to debug problems.
@end quotation
2003-01-09 14:24:01 +01:00
@item --debug @var{flags}
@opindex debug
Set debug flags. All flags are or-ed and @var{flags} may be given
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
To get a list of all supported flags the single word "help" can be
used. This option is only useful for debugging and the behavior may
change at any time without notice.
2003-01-09 14:24:01 +01:00
@item --debug-all
@opindex debug-all
Same as @code{--debug=0xffffffff}
@item --debug-wait @var{n}
@opindex debug-wait
When running in server mode, wait @var{n} seconds before entering the
actual processing loop and print the pid. This gives time to attach a
debugger.
@item --debug-ccid-driver
@opindex debug-wait
Enable debug output from the included CCID driver for smartcards.
Using this option twice will also enable some tracing of the T=1
protocol. Note that this option may reveal sensitive data.
@item --debug-disable-ticker
@opindex debug-disable-ticker
This option disables all ticker functions like checking for card
insertions.
@item --debug-allow-core-dump
@opindex debug-allow-core-dump
For security reasons we won't create a core dump when the process
aborts. For debugging purposes it is sometimes better to allow core
dump. This option enables it and also changes the working directory to
@file{/tmp} when running in @option{--server} mode.
@item --debug-log-tid
@opindex debug-log-tid
This option appends a thread ID to the PID in the log output.
@item --debug-assuan-log-cats @var{cats}
@opindex debug-assuan-log-cats
@efindex ASSUAN_DEBUG
Changes the active Libassuan logging categories to @var{cats}. The
value for @var{cats} is an unsigned integer given in usual C-Syntax.
A value of 0 switches to a default category. If this option is not
used the categories are taken from the environment variable
@code{ASSUAN_DEBUG}. Note that this option has only an effect if the
Assuan debug flag has also been with the option @option{--debug}. For
a list of categories see the Libassuan manual.
2003-01-09 14:24:01 +01:00
@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is mainly useful for
2003-01-09 14:24:01 +01:00
debugging.
@item --listen-backlog @var{n}
@opindex listen-backlog
Set the size of the queue for pending connections. The default is 64.
This option has an effect only if @option{--multi-server} is also
used.
2003-01-09 14:24:01 +01:00
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to
socket.
2003-01-09 14:24:01 +01:00
@item --pcsc-shared
@opindex pcsc-shared
Use shared mode to access the card via PC/SC. This is a somewhat
2021-03-14 11:30:23 +01:00
dangerous option because Scdaemon assumes exclusive access to the
card and for example caches certain information from the card. Use
this option only if you know what you are doing.
2005-06-20 19:32:44 +02:00
@item --pcsc-driver @var{library}
@opindex pcsc-driver
Use @var{library} to access the smartcard reader. The current default
is @file{libpcsclite.so}. Instead of using this option you might also
want to install a symbolic link to the default file name
(e.g. from @file{libpcsclite.so.1}).
2003-01-09 14:24:01 +01:00
2003-08-05 19:11:04 +02:00
@item --ctapi-driver @var{library}
2005-06-20 19:32:44 +02:00
@opindex ctapi-driver
2003-08-05 19:11:04 +02:00
Use @var{library} to access the smartcard reader. The current default
2005-06-20 19:32:44 +02:00
is @file{libtowitoko.so}. Note that the use of this interface is
deprecated; it may be removed in future releases.
2003-08-05 19:11:04 +02:00
@item --disable-ccid
2005-06-20 19:32:44 +02:00
@opindex disable-ccid
Disable the integrated support for CCID compliant readers. This
allows falling back to one of the other drivers even if the internal
2005-06-20 19:32:44 +02:00
CCID driver can handle the reader. Note, that CCID support is only
available if libusb was available at build time.
@item --reader-port @var{number_or_string}
@opindex reader-port
This option may be used to specify the port of the card terminal. A
value of 0 refers to the first serial device; add 32768 to access USB
devices. The default is 32768 (first USB device). PC/SC or CCID
readers might need a string here; run the program in verbose mode to get
a list of available readers. The default is then the first reader
found.
To get a list of available CCID readers you may use this command:
@cartouche
@smallexample
echo scd getinfo reader_list \
| gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
@end smallexample
@end cartouche
@item --card-timeout @var{n}
@opindex card-timeout
This option is deprecated. In GnuPG 2.0, it used to be used for
DISCONNECT command to control timing issue. Since DISCONNECT command
works synchronously, it has no effect.
@item --enable-pinpad-varlen
@opindex enable-pinpad-varlen
Please specify this option when the card reader supports variable
length input for pinpad (default is no). For known readers (listed in
ccid-driver.c and apdu.c), this option is not needed. Note that if
your card reader doesn't supports variable length input but you want
to use it, you need to specify your pinpad request on your card.
@item --disable-pinpad
@opindex disable-pinpad
Even if a card reader features a pinpad, do not try to use it.
2009-01-28 15:18:40 +01:00
@item --deny-admin
@opindex deny-admin
2009-01-28 15:18:40 +01:00
@opindex allow-admin
This option disables the use of admin class commands for card
applications where this is supported. Currently we support it for the
OpenPGP card. This option is useful to inhibit accidental access to
2009-01-28 15:18:40 +01:00
admin class command which could ultimately lock the card through wrong
PIN numbers. Note that GnuPG versions older than 2.0.11 featured an
@option{--allow-admin} option which was required to use such admin
2009-01-28 15:18:40 +01:00
commands. This option has no more effect today because the default is
now to allow admin commands.
@item --disable-application @var{name}
@opindex disable-application
This option disables the use of the card application named
@var{name}. This is mainly useful for debugging or if a application
with lower priority should be used by default.
@item --application-priority @var{namelist}
@opindex application-priority
This option allows to change the order in which applications of a card
a tried if no specific application was requested. @var{namelist} is a
space or comma delimited list of application names. Unknown names are
simply skipped. Applications not mentioned in the list are put in the
former order at the end of the new priority list.
To get the list of current active applications, use
@cartouche
@smallexample
gpg-connect-agent 'scd getinfo app_list' /bye
@end smallexample
@end cartouche
2003-01-09 14:24:01 +01:00
@end table
All the long options may also be given in the configuration file after
stripping off the two leading dashes.
2006-08-17 20:01:25 +02:00
@mansect card applications
@node Card applications
@section Description of card applications
@command{scdaemon} supports the card applications as described below.
@menu
* OpenPGP Card:: The OpenPGP card application
* NKS Card:: The Telesec NetKey card application
* DINSIG Card:: The DINSIG card application
* PKCS#15 Card:: The PKCS#15 card application
2009-01-28 15:18:40 +01:00
* Geldkarte Card:: The Geldkarte application
* SmartCard-HSM:: The SmartCard-HSM application
* Undefined Card:: The Undefined stub application
@end menu
@node OpenPGP Card
@subsection The OpenPGP card application ``openpgp''
This application is currently only used by @command{gpg} but may in
2009-01-28 15:18:40 +01:00
future also be useful with @command{gpgsm}. Version 1 and version 2 of
the card is supported.
@noindent
The specifications for these cards are available at@*
@uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and@*
2009-01-28 15:18:40 +01:00
@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.
@node NKS Card
@subsection The Telesec NetKey card ``nks''
This is the main application of the Telesec cards as available in
Germany. It is a superset of the German DINSIG card. The card is
used by @command{gpgsm}.
@node DINSIG Card
@subsection The DINSIG card application ``dinsig''
This is an application as described in the German draft standard
@emph{DIN V 66291-1}. It is intended to be used by cards supporting
the German signature law and its bylaws (SigG and SigV).
@node PKCS#15 Card
@subsection The PKCS#15 card application ``p15''
2009-07-22 15:33:46 +02:00
This is common framework for smart card applications. It is used by
@command{gpgsm}.
2009-01-28 15:18:40 +01:00
@node Geldkarte Card
@subsection The Geldkarte card application ``geldkarte''
This is a simple application to display information of a German
Geldkarte. The Geldkarte is a small amount debit card application which
comes with almost all German banking cards.
@node SmartCard-HSM
@subsection The SmartCard-HSM card application ``sc-hsm''
This application adds read-only support for keys and certificates
stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}.
To generate keys and store certificates you may use
@uref{https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM, OpenSC} or
the tools from @uref{http://www.openscdp.org, OpenSCDP}.
The SmartCard-HSM cards requires a card reader that supports Extended
Length APDUs.
@node Undefined Card
@subsection The Undefined card application ``undefined''
This is a stub application to allow the use of the APDU command even
if no supported application is found on the card. This application is
not used automatically but must be explicitly requested using the
SERIALNO command.
@c *******************************************
@c *************** ****************
@c *************** FILES ****************
@c *************** ****************
@c *******************************************
@mansect files
@node Scdaemon Configuration
@section Configuration files
There are a few configuration files to control certain aspects of
@command{scdaemons}'s operation. Unless noted, they are expected in the
current home directory (@pxref{option --homedir}).
@table @file
@item scdaemon.conf
@cindex scdaemon.conf
This is the standard configuration file read by @command{scdaemon} on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option --options}).
@item scd-event
@cindex scd-event
If this file is present and executable, it will be called on every card
reader's status change. An example of this script is provided with the
distribution
@item reader_@var{n}.status
This file is created by @command{scdaemon} to let other applications now
about reader status changes. Its use is now deprecated in favor of
@file{scd-event}.
@end table
@c
2003-01-09 14:24:01 +01:00
@c Examples
@c
2006-08-17 20:01:25 +02:00
@mansect examples
2003-01-09 14:24:01 +01:00
@node Scdaemon Examples
@section Examples
@c man begin EXAMPLES
@example
$ scdaemon --server -v
@end example
@c man end
@c
2003-01-09 14:24:01 +01:00
@c Assuan Protocol
@c
@manpause
2003-01-09 14:24:01 +01:00
@node Scdaemon Protocol
@section Scdaemon's Assuan Protocol
The SC-Daemon should be started by the system to provide access to
external tokens. Using Smartcards on a multi-user system does not
make much sense except for system services, but in this case no
2003-01-09 14:24:01 +01:00
regular user accounts are hosted on the machine.
A client connects to the SC-Daemon by connecting to the socket named
@file{@value{LOCALRUNDIR}/scdaemon/socket}, configuration information
is read from @var{@value{SYSCONFDIR}/scdaemon.conf}
2003-01-09 14:24:01 +01:00
Each connection acts as one session, SC-Daemon takes care of
2009-07-22 15:33:46 +02:00
synchronizing access to a token between sessions.
2003-01-09 14:24:01 +01:00
@menu
* Scdaemon SERIALNO:: Return the serial number.
* Scdaemon LEARN:: Read all useful information from the card.
* Scdaemon READCERT:: Return a certificate.
* Scdaemon READKEY:: Return a public key.
* Scdaemon PKSIGN:: Signing data with a Smartcard.
* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
* Scdaemon GETATTR:: Read an attribute's value.
* Scdaemon SETATTR:: Update an attribute's value.
* Scdaemon WRITEKEY:: Write a key to a card.
* Scdaemon GENKEY:: Generate a new key on-card.
* Scdaemon RANDOM:: Return random bytes generated on-card.
* Scdaemon PASSWD:: Change PINs.
* Scdaemon CHECKPIN:: Perform a VERIFY operation.
2006-04-11 15:53:21 +02:00
* Scdaemon RESTART:: Restart connection
* Scdaemon APDU:: Send a verbatim APDU to the card
2003-01-09 14:24:01 +01:00
@end menu
@node Scdaemon SERIALNO
2003-01-09 14:24:01 +01:00
@subsection Return the serial number
This command should be used to check for the presence of a card. It is
special in that it can be used to reset the card. Most other commands
will return an error when a card change has been detected and the use of
this function is therefore required.
Background: We want to keep the client clear of handling card changes
between operations; i.e. the client can assume that all operations are
done on the same card unless he call this function.
@example
SERIALNO
@end example
2009-07-22 15:33:46 +02:00
Return the serial number of the card using a status response like:
2003-01-09 14:24:01 +01:00
@example
S SERIALNO D27600000000000000000000
2003-01-09 14:24:01 +01:00
@end example
The serial number is the hex encoded value identified by
2003-01-09 14:24:01 +01:00
the @code{0x5A} tag in the GDO file (FIX=0x2F02).
@node Scdaemon LEARN
@subsection Read all useful information from the card
@example
LEARN [--force]
@end example
Learn all useful information of the currently inserted card. When
used without the @option{--force} option, the command might do an INQUIRE
2003-01-09 14:24:01 +01:00
like this:
@example
INQUIRE KNOWNCARDP <hexstring_with_serialNumber>
2003-01-09 14:24:01 +01:00
@end example
The client should just send an @code{END} if the processing should go on
or a @code{CANCEL} to force the function to terminate with a cancel
error message. The response of this command is a list of status lines
formatted as this:
@example
S KEYPAIRINFO @var{hexstring_with_keygrip} @var{hexstring_with_id}
@end example
If there is no certificate yet stored on the card a single "X" is
returned in @var{hexstring_with_keygrip}.
@node Scdaemon READCERT
@subsection Return a certificate
@example
READCERT @var{hexified_certid}|@var{keyid}
2003-01-09 14:24:01 +01:00
@end example
This function is used to read a certificate identified by
@var{hexified_certid} from the card. With OpenPGP cards the keyid
@code{OpenPGP.3} may be used to read the certificate of version 2 cards.
2003-01-09 14:24:01 +01:00
@node Scdaemon READKEY
@subsection Return a public key
@example
READKEY @var{hexified_certid}
@end example
Return the public key for the given cert or key ID as an standard
S-Expression.
2003-01-09 14:24:01 +01:00
@node Scdaemon PKSIGN
@subsection Signing data with a Smartcard
To sign some data the caller should use the command
@example
SETDATA @var{hexstring}
@end example
to tell @command{scdaemon} about the data to be signed. The data must be given in
2003-01-09 14:24:01 +01:00
hex notation. The actual signing is done using the command
@example
PKSIGN @var{keyid}
@end example
where @var{keyid} is the hexified ID of the key to be used. The key id
2006-03-21 13:48:51 +01:00
may have been retrieved using the command @code{LEARN}. If another
hash algorithm than SHA-1 is used, that algorithm may be given like:
@example
PKSIGN --hash=@var{algoname} @var{keyid}
@end example
With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
2003-01-09 14:24:01 +01:00
@node Scdaemon PKDECRYPT
@subsection Decrypting data with a Smartcard
To decrypt some data the caller should use the command
@example
SETDATA @var{hexstring}
@end example
to tell @command{scdaemon} about the data to be decrypted. The data
must be given in hex notation. The actual decryption is then done
using the command
2003-01-09 14:24:01 +01:00
@example
PKDECRYPT @var{keyid}
@end example
where @var{keyid} is the hexified ID of the key to be used.
If the card is aware of the apdding format a status line with padding
information is send before the plaintext data. The key for this
status line is @code{PADDING} with the only defined value being 0 and
meaning padding has been removed.
@node Scdaemon GETATTR
2016-03-04 15:45:19 +01:00
@subsection Read an attribute's value
TO BE WRITTEN.
@node Scdaemon SETATTR
2016-03-04 15:45:19 +01:00
@subsection Update an attribute's value
TO BE WRITTEN.
@node Scdaemon WRITEKEY
2016-03-04 15:45:19 +01:00
@subsection Write a key to a card
@example
WRITEKEY [--force] @var{keyid}
@end example
2009-07-22 15:33:46 +02:00
This command is used to store a secret key on a smartcard. The
allowed keyids depend on the currently selected smartcard
application. The actual keydata is requested using the inquiry
@code{KEYDATA} and need to be provided without any protection. With
@option{--force} set an existing key under this @var{keyid} will get
overwritten. The key data is expected to be the usual canonical encoded
S-expression.
2009-07-22 15:33:46 +02:00
A PIN will be requested in most cases. This however depends on the
actual card application.
@node Scdaemon GENKEY
2016-03-04 15:45:19 +01:00
@subsection Generate a new key on-card
TO BE WRITTEN.
@node Scdaemon RANDOM
2016-03-04 15:45:19 +01:00
@subsection Return random bytes generated on-card
TO BE WRITTEN.
@node Scdaemon PASSWD
2016-03-04 15:45:19 +01:00
@subsection Change PINs
@example
PASSWD [--reset] [--nullpin] @var{chvno}
@end example
Change the PIN or reset the retry counter of the card holder
verification vector number @var{chvno}. The option @option{--nullpin}
is used to initialize the PIN of TCOS cards (6 byte NullPIN only).
@node Scdaemon CHECKPIN
2016-03-04 15:45:19 +01:00
@subsection Perform a VERIFY operation
@example
CHECKPIN @var{idstr}
@end example
Perform a VERIFY operation without doing anything else. This may be
used to initialize a the PIN cache earlier to long lasting
operations. Its use is highly application dependent:
@table @strong
@item OpenPGP
Perform a simple verify operation for CHV1 and CHV2, so that further
operations won't ask for CHV2 and it is possible to do a cheap check on
the PIN: If there is something wrong with the PIN entry system, only the
regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
the usual card's serial number in hex notation; an optional fingerprint
part will get ignored.
There is however a special mode if @var{idstr} is suffixed with the
literal string @code{[CHV3]}: In this case the Admin PIN is checked if
and only if the retry counter is still at 3.
@end table
2006-04-11 15:53:21 +02:00
@node Scdaemon RESTART
2016-03-04 15:45:19 +01:00
@subsection Perform a RESTART operation
2006-04-11 15:53:21 +02:00
@example
RESTART
@end example
Restart the current connection; this is a kind of warm reset. It
deletes the context used by this connection but does not actually
reset the card.
2006-04-11 15:53:21 +02:00
This is used by gpg-agent to reuse a primary pipe connection and
may be used by clients to backup from a conflict in the serial
command; i.e. to select another application.
2006-04-11 15:53:21 +02:00
@node Scdaemon APDU
2016-03-04 15:45:19 +01:00
@subsection Send a verbatim APDU to the card
2006-04-11 15:53:21 +02:00
@example
2009-05-13 19:12:00 +02:00
APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}]
2006-04-11 15:53:21 +02:00
@end example
Send an APDU to the current reader. This command bypasses the high
level functions and sends the data directly to the card.
@var{hexstring} is expected to be a proper APDU. If @var{hexstring} is
not given no commands are send to the card; However the command will
implicitly check whether the card is ready for use.
2006-04-11 15:53:21 +02:00
Using the option @code{--atr} returns the ATR of the card as a status
message before any data like this:
@example
S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
@end example
Using the option @code{--more} handles the card status word MORE_DATA
2009-07-22 15:33:46 +02:00
(61xx) and concatenate all responses to one block.
2006-04-11 15:53:21 +02:00
2009-05-13 19:12:00 +02:00
Using the option @code{--exlen} the returned APDU may use extended
length up to N bytes. If N is not given a default value is used
(currently 4096).
2006-04-11 15:53:21 +02:00
@mansect see also
@ifset isman
@command{gpg-agent}(1),
@command{gpgsm}(1),
@command{gpg2}(1)
@end ifset
@include see-also-note.texi