Comment 8 for bug 884856

Pete Stephenson (heypete) wrote :

(Resurrecting a long-idle thread. Sorry.)

This issue has also propagated to Linux Mint 14, an Ubuntu derivative. I was having difficulty using my German Privacy Foundation Crypto Stick with Mint or Ubuntu.

While it doesn't solve the underlying issue (that is, the gnome-keyring agent doesn't play nice with smartcards), one can easily disable the offending agent and thus restore normal GPG operations in the following ways

*****

Unity desktop (GUI method):

*****

MATE (fork of GNOME 2) desktop (GUI method):
Click "Menu" --> "Preferences" --> "Startup Applications". Uncheck the GPG Password Agent (it appears twice as the "GNOME Keyring" and "MATE Keyring").

*****

MATE (fork of GNOME 2) desktop (command line method):
1. Open a terminal.

2. Execute the following commands as your user account (root is not required):

mkdir ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/
echo "X-MATE-Autostart-enabled=false" >> ~/.config/autostart/gnome-keyring-gpg.desktop

3. Log out of your session and log back in.
4. Test to make sure things are working.

*****

Cinnamon (or Unity) desktop:
1. Open a terminal.

2. Execute the following commands as your user account (root is not required):

mkdir ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/
echo "X-GNOME-Autostart-enabled=false" >> ~/.config/autostart/gnome-keyring-gpg.desktop

3. Log out of your session and log back in.
4. Test to make sure things are working.

*****

How to test if things are working:

1. Open a terminal.

2. Execute the following command as your user account (root is not required):

echo $GPG_AGENT_INFO

3. a. If "S.gpg-agent" (or nothing, in the case of Unity, oddly enough) appears in the result, GPG will use the normal GPG agent. (Example: "/home/pete/.gnupg/S.gpg-agent:2120:1")

b. If "keyring" appears in the result, GPG will use the GNOME keyring agent and you will likely not be able to access the smartcard. (Example "/run/user/pete/keyring-k4pQam/gpg:0:1")

The exact paths, usernames, and numbers in the responses will vary. This is normal. It's the presence of either "S.gpg-agent" or "keyring" that identify which agent is being used.

4. Run "gpg2 --card-status" (or "gpg --card-status" if you don't have gnupg2 installed) to verify that GPG is able to communicate with the card.

*****

Even though it doesn't solve the underlying problem, I hope this workaround is helpful.