@c Copyright (C) 2002 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.

@include defs.inc

@node Invoking SCDAEMON
@chapter Invoking the SCDAEMON
@cindex SCDAEMON command options
@cindex command options
@cindex options, SCDAEMON command

@manpage scdaemon.1
@ifset manverb
.B scdaemon
\- Smartcard daemon for the GnuPG system
@end ifset

@mansect synopsis
@ifset manverb
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-server
.br
.B scdaemon
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.B \-\-daemon
.RI [ command_line ]
@end ifset

@mansect description
The @command{scdaemon} is a daemon to manage smartcards. It is usually
invoked by @command{gpg-agent} and in general not used directly.

@manpause
@xref{Option Index}, for an index to @command{scdaemon}'s commands and
options.
@mancont

@menu
* Scdaemon Commands:: List of all commands.
* Scdaemon Options:: List of all options.
* Card applications:: Description of card applications.
* Scdaemon Configuration:: Configuration files.
* Scdaemon Examples:: Some usage examples.
* Scdaemon Protocol:: The protocol the daemon uses.
@end menu

@mansect commands
@node Scdaemon Commands
@section Commands

Commands are not distinguished from options except for the fact that
only one command is allowed.

@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you cannot
abbreviate this command.

@item --help, -h
@opindex help
Print a usage message summarizing the most useful command-line options.
Note that you cannot abbreviate this command.

@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Note that you cannot
abbreviate this command.

@item --server
@opindex server
Run in server mode and wait for commands on the @code{stdin}. The
default mode is to create a socket and listen for commands there.

@item --multi-server
@opindex multi-server
Run in server mode and wait for commands on the @code{stdin} as well as
on an additional Unix Domain socket. The server command @code{GETINFO}
may be used to get the name of that extra socket.

@item --daemon
@opindex daemon
Run the program in the background. This option is required to prevent
it from accidentally running in the background.

@end table

@mansect options
@node Scdaemon Options
@section Option Summary

@table @gnupgtabopt

@item --options @var{file}
@opindex options
Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named
@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly
below the home directory of the user.

@include opt-homedir.texi

@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @command{gpgsm}, such as @samp{-vv}.

@item --debug-level @var{level}
@opindex debug-level
Select the debug level for investigating problems. @var{level} may be
a numeric value or a keyword:

@table @code
@item none
No debugging at all. A value of less than 1 may be used instead of
the keyword.
@item basic
Some basic debug messages. A value between 1 and 2 may be used
instead of the keyword.
@item advanced
More verbose debug messages. A value between 3 and 5 may be used
instead of the keyword.
@item expert
Even more detailed messages. A value between 6 and 8 may be used
instead of the keyword.
@item guru
All of the debug messages you can get. A value greater than 8 may be
used instead of the keyword. The creation of hash tracing files is
only enabled if the keyword is used.
@end table

How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They are
however carefully selected to best aid in debugging.

@quotation Note
All debugging options are subject to change and thus should not be used
by any application program. As the name says, they are only used as
helpers to debug problems.
@end quotation

@item --debug @var{flags}
@opindex debug
Set debug flags. All flags are or-ed and @var{flags} may be given
in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
To get a list of all supported flags the single word "help" can be
used. This option is only useful for debugging and the behavior may
change at any time without notice.

@item --debug-all
@opindex debug-all
Same as @code{--debug=0xffffffff}.

@item --debug-wait @var{n}
@opindex debug-wait
When running in server mode, wait @var{n} seconds before entering the
actual processing loop and print the pid. This gives time to attach a
debugger.

@item --debug-ccid-driver
@opindex debug-ccid-driver
Enable debug output from the included CCID driver for smartcards.
Using this option twice will also enable some tracing of the T=1
protocol. Note that this option may reveal sensitive data.

@item --debug-disable-ticker
@opindex debug-disable-ticker
This option disables all ticker functions like checking for card
insertions.

@item --debug-allow-core-dump
@opindex debug-allow-core-dump
For security reasons we won't create a core dump when the process
aborts. For debugging purposes it is sometimes better to allow core
dumps. This option enables them and also changes the working directory to
@file{/tmp} when running in @option{--server} mode.

@item --debug-log-tid
@opindex debug-log-tid
This option appends a thread ID to the PID in the log output.

@item --debug-assuan-log-cats @var{cats}
@opindex debug-assuan-log-cats
@efindex ASSUAN_DEBUG
Changes the active Libassuan logging categories to @var{cats}. The
value for @var{cats} is an unsigned integer given in usual C-Syntax.
A value of 0 switches to a default category. If this option is not
used the categories are taken from the environment variable
@code{ASSUAN_DEBUG}. Note that this option has only an effect if the
Assuan debug flag has also been set with the option @option{--debug}. For
a list of categories see the Libassuan manual.

@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is mainly useful for
debugging.

@item --listen-backlog @var{n}
@opindex listen-backlog
Set the size of the queue for pending connections. The default is 64.
This option has an effect only if @option{--multi-server} is also
used.

@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to a
socket.

@item --pcsc-shared
@opindex pcsc-shared
Use shared mode to access the card via PC/SC. This is a somewhat
dangerous option because Scdaemon assumes exclusive access to the
card and for example caches certain information from the card. Use
this option only if you know what you are doing.

@item --pcsc-driver @var{library}
@opindex pcsc-driver
Use @var{library} to access the smartcard reader. The current default
on Unix is @file{libpcsclite.so} and on Windows @file{winscard.dll}.
Instead of using this option you might also want to install a symbolic
link to the default file name (e.g. from @file{libpcsclite.so.1}).
A Unicode file name may not be used on Windows.

@item --ctapi-driver @var{library}
@opindex ctapi-driver
Use @var{library} to access the smartcard reader. The current default
is @file{libtowitoko.so}. Note that the use of this interface is
deprecated; it may be removed in future releases.

@item --disable-ccid
@opindex disable-ccid
Disable the integrated support for CCID compliant readers. This
allows falling back to one of the other drivers even if the internal
CCID driver can handle the reader. Note that CCID support is only
available if libusb was available at build time.

@item --reader-port @var{number_or_string}
@opindex reader-port
This option may be used to specify the port of the card terminal. A
value of 0 refers to the first serial device; add 32768 to access USB
devices. The default is 32768 (first USB device). PC/SC or CCID
readers might need a string here; run the program in verbose mode to get
a list of available readers. The default is then the first reader
found.

To get a list of available CCID readers you may use this command:
@cartouche
@smallexample
echo scd getinfo reader_list \
  | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
@end smallexample
@end cartouche

@item --card-timeout @var{n}
@opindex card-timeout
This option is deprecated. In GnuPG 2.0, it was used by the
DISCONNECT command to control a timing issue. Since the DISCONNECT command
works synchronously, it has no effect.

@item --enable-pinpad-varlen
@opindex enable-pinpad-varlen
Please specify this option when the card reader supports variable
length input for pinpad (default is no). For known readers (listed in
ccid-driver.c and apdu.c), this option is not needed. Note that if
your card reader doesn't support variable length input but you want
to use it, you need to specify your pinpad request on your card.

@item --disable-pinpad
@opindex disable-pinpad
Even if a card reader features a pinpad, do not try to use it.

@item --deny-admin
@opindex deny-admin
@opindex allow-admin
This option disables the use of admin class commands for card
applications where this is supported. Currently we support it for the
OpenPGP card. This option is useful to inhibit accidental access to
admin class commands which could ultimately lock the card through wrong
PIN numbers. Note that GnuPG versions older than 2.0.11 featured an
@option{--allow-admin} option which was required to use such admin
commands. This option has no more effect today because the default is
now to allow admin commands.

@item --disable-application @var{name}
@opindex disable-application
This option disables the use of the card application named
@var{name}. This is mainly useful for debugging or if an application
with lower priority should be used by default.

@item --application-priority @var{namelist}
@opindex application-priority
This option allows changing the order in which the applications of a card
are tried if no specific application was requested. @var{namelist} is a
space or comma delimited list of application names. Unknown names are
simply skipped. Applications not mentioned in the list are put in the
former order at the end of the new priority list.

To get the list of currently active applications, use
@cartouche
@smallexample
gpg-connect-agent 'scd getinfo app_list' /bye
@end smallexample
@end cartouche

@end table

All the long options may also be given in the configuration file after
stripping off the two leading dashes.

@mansect card applications
@node Card applications
@section Description of card applications

@command{scdaemon} supports the card applications as described below.

@menu
* OpenPGP Card:: The OpenPGP card application
* NKS Card:: The Telesec NetKey card application
* DINSIG Card:: The DINSIG card application
* PKCS#15 Card:: The PKCS#15 card application
* Geldkarte Card:: The Geldkarte application
* SmartCard-HSM:: The SmartCard-HSM application
* Undefined Card:: The Undefined stub application
@end menu

@node OpenPGP Card
@subsection The OpenPGP card application ``openpgp''

This application is currently only used by @command{gpg} but may in
future also be useful with @command{gpgsm}. Version 1 and version 2 of
the card are supported.

@noindent
The specifications for these cards are available at@*
@uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and@*
@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.

@node NKS Card
@subsection The Telesec NetKey card ``nks''

This is the main application of the Telesec cards as available in
Germany. It is a superset of the German DINSIG card. The card is
used by @command{gpgsm}.

@node DINSIG Card
@subsection The DINSIG card application ``dinsig''

This is an application as described in the German draft standard
@emph{DIN V 66291-1}. It is intended to be used by cards supporting
the German signature law and its bylaws (SigG and SigV).

@node PKCS#15 Card
@subsection The PKCS#15 card application ``p15''

This is a common framework for smart card applications. It is used by
@command{gpgsm}.

@node Geldkarte Card
@subsection The Geldkarte card application ``geldkarte''

This is a simple application to display information of a German
Geldkarte. The Geldkarte is a small amount debit card application which
comes with almost all German banking cards.

@node SmartCard-HSM
@subsection The SmartCard-HSM card application ``sc-hsm''

This application adds read-only support for keys and certificates
stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}.

To generate keys and store certificates you may use
@uref{https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM, OpenSC} or
the tools from @uref{http://www.openscdp.org, OpenSCDP}.

The SmartCard-HSM card requires a card reader that supports Extended
Length APDUs.

@node Undefined Card
@subsection The Undefined card application ``undefined''

This is a stub application to allow the use of the APDU command even
if no supported application is found on the card. This application is
not used automatically but must be explicitly requested using the
SERIALNO command.

@c *******************************************
@c ***************            ****************
@c ***************   FILES    ****************
@c ***************            ****************
@c *******************************************
@mansect files
@node Scdaemon Configuration
@section Configuration files

There are a few configuration files to control certain aspects of
@command{scdaemon}'s operation. Unless noted, they are expected in the
current home directory (@pxref{option --homedir}).

@table @file

@item scdaemon.conf
@cindex scdaemon.conf
This is the standard configuration file read by @command{scdaemon} on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option --options}).

@item scd-event
@cindex scd-event
If this file is present and executable, it will be called on every card
reader's status change. An example of this script is provided with the
source code distribution. This option is deprecated in favor of the
@command{DEVINFO --watch} command.

@item reader_@var{n}.status
This file is created by @command{scdaemon} to let other applications know
about reader status changes. Its use is now deprecated in favor of
@file{scd-event}.

@end table

@c
@c Examples
@c
@mansect examples
@node Scdaemon Examples
@section Examples

@c man begin EXAMPLES

@example
$ scdaemon --server -v
@end example

@c man end

@c
@c Assuan Protocol
@c
@manpause
@node Scdaemon Protocol
@section Scdaemon's Assuan Protocol

The SC-Daemon should be started by the system to provide access to
external tokens. Using Smartcards on a multi-user system does not
make much sense except for system services, but in this case no
regular user accounts are hosted on the machine.

A client connects to the SC-Daemon by connecting to the socket named
@file{@value{LOCALRUNDIR}/scdaemon/socket}; configuration information
is read from @var{@value{SYSCONFDIR}/scdaemon.conf}.

Each connection acts as one session; SC-Daemon takes care of
synchronizing access to a token between sessions.

@menu
* Scdaemon SERIALNO:: Return the serial number.
* Scdaemon LEARN:: Read all useful information from the card.
* Scdaemon READCERT:: Return a certificate.
* Scdaemon READKEY:: Return a public key.
* Scdaemon PKSIGN:: Signing data with a Smartcard.
* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
* Scdaemon GETATTR:: Read an attribute's value.
* Scdaemon SETATTR:: Update an attribute's value.
* Scdaemon WRITEKEY:: Write a key to a card.
* Scdaemon GENKEY:: Generate a new key on-card.
* Scdaemon RANDOM:: Return random bytes generated on-card.
* Scdaemon PASSWD:: Change PINs.
* Scdaemon CHECKPIN:: Perform a VERIFY operation.
* Scdaemon RESTART:: Restart connection
* Scdaemon APDU:: Send a verbatim APDU to the card
@end menu

@node Scdaemon SERIALNO
@subsection Return the serial number

This command should be used to check for the presence of a card. It is
special in that it can be used to reset the card. Most other commands
will return an error when a card change has been detected and the use of
this function is therefore required.

Background: We want to keep the client clear of handling card changes
between operations; i.e. the client can assume that all operations are
done on the same card unless it calls this function.

@example
SERIALNO
@end example

Return the serial number of the card using a status response like:

@example
S SERIALNO D27600000000000000000000
@end example

The serial number is the hex encoded value identified by
the @code{0x5A} tag in the GDO file (FID=0x2F02).

@node Scdaemon LEARN
@subsection Read all useful information from the card

@example
LEARN [--force]
@end example

Learn all useful information of the currently inserted card. When
used without the @option{--force} option, the command might do an INQUIRE
like this:

@example
INQUIRE KNOWNCARDP <hexstring_with_serialNumber>
@end example

The client should just send an @code{END} if the processing should go on
or a @code{CANCEL} to force the function to terminate with a cancel
error message. The response of this command is a list of status lines
formatted as this:

@example
S KEYPAIRINFO @var{hexstring_with_keygrip} @var{hexstring_with_id}
@end example

If there is no certificate yet stored on the card a single "X" is
returned in @var{hexstring_with_keygrip}.

@node Scdaemon READCERT
@subsection Return a certificate

@example
READCERT @var{hexified_certid}|@var{keyid}
@end example

This function is used to read a certificate identified by
@var{hexified_certid} from the card. With OpenPGP cards the keyid
@code{OpenPGP.3} may be used to read the certificate of version 2 cards.

@node Scdaemon READKEY
@subsection Return a public key

@example
READKEY @var{hexified_certid}
@end example

Return the public key for the given cert or key ID as a standard
S-Expression.

@node Scdaemon PKSIGN
@subsection Signing data with a Smartcard

To sign some data the caller should use the command

@example
SETDATA @var{hexstring}
@end example

to tell @command{scdaemon} about the data to be signed. The data must be given in
hex notation. The actual signing is done using the command

@example
PKSIGN @var{keyid}
@end example

where @var{keyid} is the hexified ID of the key to be used. The key id
may have been retrieved using the command @code{LEARN}. If a hash
algorithm other than SHA-1 is used, that algorithm may be given like:

@example
PKSIGN --hash=@var{algoname} @var{keyid}
@end example

where @var{algoname} is one of @code{sha1}, @code{rmd160} or @code{md5}.

@node Scdaemon PKDECRYPT
@subsection Decrypting data with a Smartcard

To decrypt some data the caller should use the command

@example
SETDATA @var{hexstring}
@end example

to tell @command{scdaemon} about the data to be decrypted. The data
must be given in hex notation. The actual decryption is then done
using the command

@example
PKDECRYPT @var{keyid}
@end example

where @var{keyid} is the hexified ID of the key to be used.

If the card is aware of the padding format, a status line with padding
information is sent before the plaintext data. The key for this
status line is @code{PADDING} with the only defined value being 0 and
meaning padding has been removed.

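The LEARN exchange (INQUIRE KNOWNCARDP answered with END or CANCEL, then KEYPAIRINFO status lines) and the PKDECRYPT reply with its optional PADDING status line, driven by a small simulated Assuan client. This is an added example, not GnuPG code; the server transcripts, serial number, keygrip and key ids are constructed, and the client is assumed to see the server's reply one line at a time as an Assuan pipe client would.

```python
from urllib.parse import unquote_to_bytes

# Constructed server transcripts (not captured from a real card).
LEARN_REPLY = [
    "INQUIRE KNOWNCARDP D2760001240102000005000012340000",
    "S KEYPAIRINFO 8CA0BEFD5702F3B13C6B5A3E1A6D6C7E1DFD1E6A OPENPGP.1",
    "S KEYPAIRINFO X OPENPGP.3",
    "OK",
]
PKDECRYPT_REPLY = ["S PADDING 0", "D plain%25text%0Aline2", "OK"]

def _status(line):
    """Split an 'S KEY value' status line into (KEY, value)."""
    parts = line.split(" ", 2)
    return parts[1], (parts[2] if len(parts) > 2 else "")

def learn(server_lines, known_serials, send):
    """Drive LEARN: answer KNOWNCARDP with END or CANCEL, collect KEYPAIRINFO."""
    keypairs = {}
    for line in server_lines:
        if line.startswith("INQUIRE KNOWNCARDP "):
            serial = line.split(" ", 2)[2]
            if serial in known_serials:       # already learned: abort LEARN
                send("CANCEL")
                raise RuntimeError("LEARN cancelled for " + serial)
            send("END")                       # unknown card: let it go on
        elif line.startswith("S ") and _status(line)[0] == "KEYPAIRINFO":
            keygrip, key_id = _status(line)[1].split(" ", 1)
            # A single "X" means no certificate is stored for that slot yet.
            keypairs[key_id] = None if keygrip == "X" else keygrip
        elif line.startswith("ERR "):
            raise RuntimeError(line)
        elif line == "OK":
            return keypairs
    raise RuntimeError("connection closed before OK")

def pkdecrypt(server_lines):
    """Collect the PKDECRYPT reply: optional PADDING status line plus the
    %XX-escaped D lines. Returns (plaintext, padding); padding is None if unknown."""
    padding, chunks = None, []
    for line in server_lines:
        if line.startswith("S ") and _status(line)[0] == "PADDING":
            padding = int(_status(line)[1])   # 0: card already removed padding
        elif line.startswith("D "):
            chunks.append(unquote_to_bytes(line[2:]))
        elif line.startswith("ERR "):
            raise RuntimeError(line)
        elif line == "OK":
            return b"".join(chunks), padding
    raise RuntimeError("connection closed before OK")
```

A caller that gets `padding is None` back must strip the padding itself, since the card did not claim to have done so.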
@node Scdaemon GETATTR
@subsection Read an attribute's value

TO BE WRITTEN.

@node Scdaemon SETATTR
@subsection Update an attribute's value

TO BE WRITTEN.

@node Scdaemon WRITEKEY
@subsection Write a key to a card

@example
WRITEKEY [--force] @var{keyid}
@end example

This command is used to store a secret key on a smartcard. The
allowed keyids depend on the currently selected smartcard
application. The actual keydata is requested using the inquiry
@code{KEYDATA} and needs to be provided without any protection. With
@option{--force} set, an existing key under this @var{keyid} will get
overwritten. The key data is expected to be the usual canonically encoded
S-expression.

A PIN will be requested in most cases. This however depends on the
actual card application.

@node Scdaemon GENKEY
@subsection Generate a new key on-card

TO BE WRITTEN.

@node Scdaemon RANDOM
@subsection Return random bytes generated on-card

TO BE WRITTEN.

@node Scdaemon PASSWD
@subsection Change PINs

@example
PASSWD [--reset] [--nullpin] @var{chvno}
@end example

Change the PIN or reset the retry counter of the card holder
verification vector number @var{chvno}. The option @option{--nullpin}
is used to initialize the PIN of TCOS cards (6 byte NullPIN only).

@node Scdaemon CHECKPIN
@subsection Perform a VERIFY operation

@example
CHECKPIN @var{idstr}
@end example

Perform a VERIFY operation without doing anything else. This may be
used to initialize the PIN cache before long lasting
operations. Its use is highly application dependent:

@table @strong
@item OpenPGP

Perform a simple verify operation for CHV1 and CHV2, so that further
operations won't ask for CHV2 and it is possible to do a cheap check on
the PIN: If there is something wrong with the PIN entry system, only the
regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
the usual card's serial number in hex notation; an optional fingerprint
part will get ignored.

There is however a special mode if @var{idstr} is suffixed with the
literal string @code{[CHV3]}: In this case the Admin PIN is checked if
and only if the retry counter is still at 3.

@end table

@node Scdaemon RESTART
@subsection Perform a RESTART operation

@example
RESTART
@end example

Restart the current connection; this is a kind of warm reset. It
deletes the context used by this connection but does not actually
reset the card.

This is used by gpg-agent to reuse a primary pipe connection and
may be used by clients to recover from a conflict in the serial
command; i.e. to select another application.

@node Scdaemon APDU
@subsection Send a verbatim APDU to the card

@example
APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}]
@end example

Send an APDU to the current reader. This command bypasses the high
level functions and sends the data directly to the card.
@var{hexstring} is expected to be a proper APDU. If @var{hexstring} is
not given, no command is sent to the card; however, the command will
still implicitly check whether the card is ready for use.

Using the option @code{--atr} returns the ATR of the card as a status
message before any data, like this:

@example
S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
@end example

Using the option @code{--more} handles the card status word MORE_DATA
(61xx) and concatenates all responses into one block.

Using the option @code{--exlen} the returned APDU may use extended
length up to @var{n} bytes. If @var{n} is not given a default value is used
(currently 4096).

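What the @code{--more} handling amounts to, as an added example rather than scdaemon's own code: while the status word is 61xx the client issues GET RESPONSE for the pending xx bytes and concatenates the data parts. The @code{FakeCard} stand-in, its chunk size and the APDU used in the demonstration are constructed for this example.

```python
GET_RESPONSE = bytes.fromhex("00C00000")   # CLA INS P1 P2 of GET RESPONSE

def transmit_more(transmit, apdu):
    """Send one APDU and, while the status word is 61xx (MORE_DATA), fetch
    the pending xx bytes with GET RESPONSE, concatenating every data part.
    Returns (data, final_status_word). Raises on a malformed response."""
    data = bytearray()
    resp = transmit(apdu)
    while True:
        if len(resp) < 2:
            raise ValueError("response shorter than a status word")
        body, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
        data += body
        if sw1 != 0x61:
            return bytes(data), (sw1 << 8) | sw2
        # Le = number of bytes the card says are still pending.
        resp = transmit(GET_RESPONSE + bytes([sw2]))

class FakeCard:
    """Constructed stand-in that hands a response out in pieces, following
    only the 61xx / GET RESPONSE rule; it models no other card behaviour."""
    def __init__(self, payload, chunk=4):
        self.payload, self.chunk, self.pending = payload, chunk, b""

    def _more_or_ok(self):
        left = len(self.pending)
        return bytes([0x61, min(left, self.chunk)]) if left else b"\x90\x00"

    def transmit(self, apdu):
        if apdu[:4] == GET_RESPONSE:
            want = apdu[4]
            out, self.pending = self.pending[:want], self.pending[want:]
            return out + self._more_or_ok()
        self.pending = self.payload        # any other command queues the data
        return self._more_or_ok()

if __name__ == "__main__":
    card = FakeCard(bytes(range(10)))
    data, sw = transmit_more(card.transmit, bytes.fromhex("00A4040000"))
    print(data.hex(), hex(sw))
```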
2006-09-07 17:13:33 +02:00
|
|
|
@mansect see also
|
|
|
|
@ifset isman
|
|
|
|
@command{gpg-agent}(1),
|
2011-12-13 17:59:00 +01:00
|
|
|
@command{gpgsm}(1),
|
2006-09-07 17:13:33 +02:00
|
|
|
@command{gpg2}(1)
|
|
|
|
@end ifset
|
|
|
|
@include see-also-note.texi
|