I have an OpenPGP card that was setup on a different computer with a different cardreader and is known to work fine for signing emails with GnuPG. Now I am trying to use it on a Windows 10 desktop with Gpg4win over a USB reader by the Ukrainian manufacturer Avtor of model CR-371M (in Ukrainian: Автор КР-371М), so that I potentially could sign emails in an email client. (The reader works fine. For example, it works with smart cards of different type for different purposes with IIT End User CA-1 Sign web-extension and the corresponding EUSign.) I encounter the following error:
C:\Users\user>gpg --card-status
gpg: selecting card failed: No such device
gpg: Не вдалося отримати доступ до картки OpenPGP: No such device
The above in Ukrainian is the same that in the other question in English:
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device
However, unlike the situation in that answer, I do not see any "Lenovo Keyboard Smartcard Reader" among the drivers in the Device Manager. Instead, the Device Manager shows an "Unknown Smart Card" device with the "Unknown Smart Card" driver and a "Microsoft Usbccid Smartcard Reader (WUDF)" device with the "Microsoft Usbccid Smartcard Reader (WUDF)" driver and the only other available option being the "Microsoft Usbccid Smartcard Reader (UMDF2)".
I tried creating scdaemon.conf file following another answer on Security SE and installing OpenSC.
PS C:\Users\user> Get-PnpDevice -Class SoftwareDevice | Where-Object {$_.FriendlyName -like "*Reader*"} | Select-Object -ExpandProperty FriendlyName
Avtor SC Reader 371 0
PS C:\Users\user> cd AppData\Roaming\gnupg
PS C:\Users\user\AppData\Roaming\gnupg> notepad.exe scdaemon.conf
PS C:\Users\user\AppData\Roaming\gnupg> gpg-connect-agent killagent /bye
PS C:\Users\user\AppData\Roaming\gnupg> gpg-connect-agent /bye
PS C:\Users\user\AppData\Roaming\gnupg> gpg --card-status
gpg: selecting card failed: No such device
gpg: Не вдалося отримати доступ до картки OpenPGP: No such device
I tried adding any or both of the following lines to scdaemon.conf:
disable-ccid
reader-port Avtor SC Reader 371 0
Also, Kleopatra shows no cards in the last tab of its GUI where I would expect it to appear.
Description
The CR-371M card reader provides an interface between a computer and a smart card (ISO / IEC 7816).
Specifications
- - Cards that are supported DSTU ISO / IEC 7816-1: 2008 T = 0, T = 1, GSM Interface connection USB 2.0 Full Speed 12 Mb/s Processor operating frequency 16 MHz Exchange rate Up to 258 Kb / s (at a frequency of 4.915 MHz cards) Contact group ISO 8 contacts. Resource, at least 100,000 cycles of card acceptance Power supply USB port Supported OS Windows 2000/XP/2003/2008/Vista/7/8/10/11, Linux, Mac OS PC work protocol PC/SC, CCID Driver The device works with the standard CCID package of operating system drivers and does not require special drivers from the manufacturer
What else could I try to use the OpenPGP card with this card reader?
I tried on another Windows 10 machine with the same result.
I can use the reader with a CryptoCard-338 (which is not an OpenPGP Smart Card). Per the manufacturer's description:
Smart card CryptoCard-338 is based on Infineon’s smart-chips SLE78CFX2400P/SLE78CLFX2400P. Smart-chips are based on М7893 security controller that has CC EAL 6+ certificate.
Per the specifications of that card and that chip, it has ISO 7816 interface. So, I conclude that the interface of the card reader works.
Per the OpenPGP Smart Card product description, it uses:
T=1 protocol, compatible with most chipcard terminals
Per the current OpenPGP Smart Card specification, it has the following reader requirements:
Reader (informative) ->
- A common driver (CCID, PC/SC or CT-API) shall be supported.
- The driver should be available for several platforms (e. g. Win32/64, Linux, Macintosh).
- T=1 shall be supported for cards with contacts (T=0 optional).
- High-Speed protocols should be supported.
- Extended length should be supported with a minimum of 2048 bytes for APDUs for in- and ouput.
- Under T=0 ENVELOPE and GET RESPONSE are required to transport long APDUs. Command chaining should be should be supported.
So, the interface and the protocols (items 1 and 3 on the list) should be fine. Thus, I suspect that I face either a driver or a middleware issue. However, I am not sure how to test that or which one to try. I tried setting up OpenSC but I am not sure whether I did it correctly.
Kleopatra's cards tab says that it supports OpenPGP v2.0 - v3.3. May it be an issue that my OpenPGP card version is 3.4?
When I click for driver information for the smart card in the device properties, I get a notification that no driver was downloaded or no driver is needed for this device.
Unknown Smart Card
Для цього пристрою не потрібно або не завантажено жодні файли драйвера
