I've loaded up my Yubikey 4 with my OpenPGP keys, and my X.509 certificates (which I use for S/MIME). I'm using Fedora 24, and NSS has been configured to use the OpenSC PKCS#11 module and it all seems to work with Thunderbird, Evolution, Firefox, etc. The trouble is both GnuPG and OpenSC seem to dislike sharing the toys.
- If I launch an NSS-based application with the OpenSC module, it locks the Yubikey and I can't use GnuPG with it until I quit that application.
- Conversely, if I've run GnuPG first I have to kill scdaemon (and re-plug) before I can use PIV functionality again.
This is all a bit clunky. Is there something I've missed to get seamless co-existence of GnuPG and OpenSC, or are these just known shortcomings with multi-application smartcards?
I can't really unload the OpenSC module completely from NSS as it's needed for my work smart card. So far the only workaround I've found is to bodge together a local OpenSC config file to use the wrong driver for the YK4 ATR (thereby disabling it), and use environment variables to flip between it and the default config for when I need the keys stored in the Yubikey's PIV applet.
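
A sketch of the workaround described in the last paragraph, added here as an example and not the poster's own files: it writes an alternate OpenSC config that binds one ATR to a driver that cannot handle it, then runs a command with `OPENSC_CONF` pointing at that file. The function names, the `cardos` stand-in for the "wrong" driver and the sample ATR are assumptions; read the real ATR from the token (for instance with `opensc-tool --atr`).

```shell
#!/bin/sh
# Added example. All names here are hypothetical helpers, not OpenSC tools.

# Normalise an ATR (spaces or colons, any case) to colon-separated lowercase
# hex, the form used in opensc.conf card_atr blocks. Fails on non-hex input.
normalise_atr() {
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# write_conf ATR DRIVER OUTFILE
# Emit a minimal config that forces DRIVER for cards presenting ATR, so
# OpenSC does not bind the token with the driver it would normally pick.
write_conf() {
    atr=$(normalise_atr "$1") || { echo "bad ATR: $1" >&2; return 1; }
    cat > "$3" <<EOF
app default {
    card_atr $atr {
        driver = "$2";
    }
}
EOF
}

# run_with_conf CONF COMMAND [ARGS...]
# Run one command with the alternate config; the caller's shell and every
# other application keep using the default OpenSC configuration.
run_with_conf() {
    conf=$1; shift
    OPENSC_CONF="$conf" "$@"
}

# Demo with a constructed ATR (not a real token's value).
demo_conf=$(mktemp)
write_conf "3B 00 11 22" "cardos" "$demo_conf" && cat "$demo_conf"
rm -f "$demo_conf"
```

The generated file replaces the system config for that process rather than extending it, so any settings the default config carries for other cards have to be copied into it.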