Omnikey 6121:无法写入OpenPGP智能卡

Question

我正在尝试使用带有OpenPGPv2智能卡的Omnikey 6121智能卡读取器。读者被认出了，正如我从gpg --card-status上看到的那样，我能够编辑一些卡片的细节，如URL、name等。

但是，当我试图发出"keytocard“命令时，会得到以下命令：

gpg: writing new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN
gpg: ccid_transceive failed: (0x10002)
gpg: apdu_send_simple(0) failed: invalid value
gpg: failed to store the key: invalid argument
gpg: error writing key to card: invalid argument

与--调试-ccid-驱动程序相同的错误。

同样，如果我只发出一个“生成”：

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

Please enter the PIN
What keysize do you want for the Signature key? (2048) 
What keysize do you want for the Encryption key? (2048) 
What keysize do you want for the Authentication key? (2048) 
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Deim0s Anomaly
E-mail address: deim0s@example.com
Comment: 
You selected this USER-ID:
    "Deim0s Anomaly <deim0s@example.com>"

Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? O
gpg: generating new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN
gpg: please wait while key is being generated ...
gpg: generating key failed
gpg: key generation failed: general error
Key generation failed: general error

gpg/card> 

到底怎么回事？有人能帮忙吗？

Answer 1

奇怪，但我终于成功地使这个设置工作(奥姆尼基6121 + OpenGPG v2卡)。只有凡人才能做到这一点：

1. 禁用/etc/X11/Xsession.d/中的90gpg-agent-mine和90ssh-agent-mine，这样它们就不会尝试启动gpg代理或ssh代理
2. 创建一个新的gpg-agent包装器，如https://blog.flameeyes.eu/2010/08/smart-cards-and-secret-agents中所解释的。

在(1)中，不从那里启动gpg代理的原因是它不会启用-启用-ssh-支持，这是我想要的。

通过发出一个gpg --card-status，您现在会注意到一个小延迟，然后：

gpg: detected reader `OMNIKEY CardMan (076B:6622) 6121 00 00'
Application ID ...: ......

这意味着卡现在也将工作的写作操作！耶！我的keytocard很成功:)