SCDAEMON(1) GNU Privacy Guard SCDAEMON(1)

scdaemon - Smartcard daemon for the GnuPG system

scdaemon [--homedir dir] [--options file] [options] --server
scdaemon [--homedir dir] [--options file] [options] --daemon [command_line]

The scdaemon is a daemon to manage smartcards. It is usually invoked
by gpg-agent and in general not used directly.

Commands are not distinguished from options except for the fact that
only one command is allowed.

--version
    Print the program version and licensing information. Note that
    you cannot abbreviate this command.

--help, -h
    Print a usage message summarizing the most useful command-line
    options. Note that you cannot abbreviate this command.

--dump-options
    Print a list of all available options and commands. Note that
    you cannot abbreviate this command.

--server
    Run in server mode and wait for commands on the stdin. The
    default mode is to create a socket and listen for commands
    there.

--multi-server
    Run in server mode and wait for commands on the stdin as well as
    on an additional Unix Domain socket. The server command GETINFO
    may be used to get the name of that extra socket.

--daemon
    Run the program in the background. This option is required to
    prevent it from accidentally running in the background.

--options file
    Reads configuration from file instead of from the default
    per-user configuration file. The default configuration file is
    named ‘scdaemon.conf’ and expected in the ‘.gnupg’ directory
    directly below the home directory of the user.

--homedir dir
    Set the name of the home directory to dir. If this option is not
    used, the home directory defaults to ‘~/.gnupg’. It is only
    recognized when given on the command line. It also overrides
    any home directory stated through the environment variable
    ‘GNUPGHOME’ or (on W32 systems) by means of the Registry entry
    HKCU\Software\GNU\GnuPG:HomeDir.

-v
--verbose
    Outputs additional information while running. You can increase
    the verbosity by giving several verbose commands to gpgsm, such
    as '-vv'.

--debug-level level
    Select the debug level for investigating problems. level may be
    a numeric value or a keyword:

    none      No debugging at all. A value of less than 1 may be used
              instead of the keyword.

    basic     Some basic debug messages. A value between 1 and 2 may
              be used instead of the keyword.

    advanced  More verbose debug messages. A value between 3 and 5 may
              be used instead of the keyword.

    expert    Even more detailed messages. A value between 6 and 8 may
              be used instead of the keyword.

    guru      All of the debug messages you can get. A value greater
              than 8 may be used instead of the keyword. The creation
              of hash tracing files is only enabled if the keyword is
              used.

How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They are
however carefully selected to best aid in debugging.

    All debugging options are subject to change and thus should not
    be used by any application program. As the name says, they are
    only used as helpers to debug problems.

--debug flags
    This option is only useful for debugging and the behaviour may
    change at any time without notice. FLAGS are bit encoded and
    may be given in usual C-Syntax. The currently defined bits are:

    0 (1)      command I/O
    1 (2)      values of big number integers
    2 (4)      low level crypto operations
    5 (32)     memory allocation
    6 (64)     caching
    7 (128)    show memory statistics.
    9 (512)    write hashed data to files named dbgmd-000*
    10 (1024)  trace Assuan protocol
    11 (2048)  trace APDU I/O to the card. This may reveal sensitive
               data.

--debug-all
    Same as --debug=0xffffffff

--debug-wait n
    When running in server mode, wait n seconds before entering the
    actual processing loop and print the pid. This gives time to
    attach a debugger.

--debug-ccid-driver
    Enable debug output from the included CCID driver for
    smartcards. Using this option twice will also enable some tracing
    of the T=1 protocol. Note that this option may reveal sensitive
    data.

--debug-disable-ticker
    This option disables all ticker functions like checking for card
    insertions.

--debug-allow-core-dump
    For security reasons we won't create a core dump when the
    process aborts. For debugging purposes it is sometimes better
    to allow a core dump. This option enables it and also changes
    the working directory to ‘/tmp’ when running in --server mode.

--debug-log-tid
    This option appends a thread ID to the PID in the log output.

--no-detach
    Don't detach the process from the console. This is mainly
    useful for debugging.

--log-file file
    Append all logging output to file. This is very helpful in
    seeing what the agent actually does.

--pcsc-driver library
    Use library to access the smartcard reader. The current default
    is ‘libpcsclite.so’. Instead of using this option you might
    also want to install a symbolic link to the default file name
    (e.g. from ‘libpcsclite.so.1’).

--ctapi-driver library
    Use library to access the smartcard reader. The current default
    is ‘libtowitoko.so’. Note that the use of this interface is
    deprecated; it may be removed in future releases.

--disable-ccid
    Disable the integrated support for CCID compliant readers. This
    allows falling back to one of the other drivers even if the
    internal CCID driver can handle the reader. Note that CCID
    support is only available if libusb was available at build time.

--reader-port number_or_string
    This option may be used to specify the port of the card
    terminal. A value of 0 refers to the first serial device; add 32768
    to access USB devices. The default is 32768 (first USB device).
    PC/SC or CCID readers might need a string here; run the program
    in verbose mode to get a list of available readers. The default
    is then the first reader found.

    To get a list of available CCID readers you may use this
    command:

        echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'

--card-timeout n
    If n is not 0 and no client is actively using the card, the card
    will be powered down after n seconds. Powering down the card
    avoids a potential risk of damaging a card when used with
    certain cheap readers. This also allows non Scdaemon aware
    applications to access the card. The disadvantage of using a card
    timeout is that accessing the card takes longer and that the
    user needs to enter the PIN again after the next power up.

    Note that with the current version of Scdaemon the card is
    powered down immediately at the next timer tick for any value of n
    other than 0.

--disable-keypad
    Even if a card reader features a keypad, do not try to use it.

--deny-admin
    This option disables the use of admin class commands for card
    applications where this is supported. Currently we support it
    for the OpenPGP card. This command is useful to inhibit
    accidental access to admin class commands which could ultimately
    lock the card through wrong PIN numbers. Note that GnuPG versions
    older than 2.0.11 featured an --allow-admin command which was
    required to use such admin commands. This option no longer has
    any effect because the default is now to allow admin commands.

--disable-application name
    This option disables the use of the card application named name.
    This is mainly useful for debugging or if an application with
    lower priority should be used by default.

All the long options may also be given in the configuration file
after stripping off the two leading dashes.

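A configuration check for the debug options above, as an added example that is not part of the scdaemon distribution: it reads scdaemon.conf text (long options without the leading dashes) and reports the settings this page says may reveal sensitive data. The '#' comment syntax, the OR-ing of repeated debug options, and treating bit 9 as sensitive are assumptions of this example.

```python
# Added example: audit scdaemon.conf text for debug options that expose card data.
# Bit meanings are copied from the --debug table on this page.
DEBUG_BITS = {
    0: "command I/O", 1: "values of big number integers",
    2: "low level crypto operations", 5: "memory allocation",
    6: "caching", 7: "show memory statistics",
    9: "write hashed data to files named dbgmd-000*",
    10: "trace Assuan protocol", 11: "trace APDU I/O to the card",
}
# Bit 11 is marked sensitive on the page; bit 9 is this example's assumption.
SENSITIVE_BITS = (9, 11)

def parse_c_int(text):
    """Parse an integer in C syntax: 0x hex, leading-0 octal, else decimal."""
    t = text.strip().lower()
    if t.startswith("0x"):
        return int(t, 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)
    return int(t, 10)

def audit(conf_text):
    """Return (debug_mask, findings) for the text of an scdaemon.conf file."""
    mask, findings = 0, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumed comment syntax
            continue
        parts = line.split(None, 1)
        name, arg = parts[0], (parts[1] if len(parts) > 1 else "")
        if name == "debug":
            try:
                mask |= parse_c_int(arg)       # assumes repeated options are ORed
            except ValueError:
                findings.append(f"line {lineno}: unparsable debug value {arg!r}")
        elif name == "debug-all":              # same as --debug=0xffffffff
            mask |= 0xFFFFFFFF
        elif name == "debug-ccid-driver":
            findings.append(f"line {lineno}: debug-ccid-driver may reveal sensitive data")
        elif name == "debug-allow-core-dump":
            findings.append(f"line {lineno}: debug-allow-core-dump enables core dumps")
    for bit in SENSITIVE_BITS:
        if mask & (1 << bit):
            findings.append(f"debug bit {bit} set: {DEBUG_BITS[bit]}")
    return mask, findings

# Constructed sample input, not a real configuration.
SAMPLE = "# test setup\nverbose\ndebug 0x401\ndebug 2048\ndebug-ccid-driver\nlog-file /tmp/scd.log\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```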

scdaemon supports the card applications as described below.

The OpenPGP card application ``openpgp''

This application is currently only used by gpg but may in future also
be useful with gpgsm. Version 1 and version 2 of the card are
supported.

The specifications for these cards are available at
(http://g10code.com/docs/openpgp-card-1.0.pdf) and
(http://g10code.com/docs/openpgp-card-2.0.pdf).

The Telesec NetKey card ``nks''

This is the main application of the Telesec cards as available in
Germany. It is a superset of the German DINSIG card. The card is used by
gpgsm.

The DINSIG card application ``dinsig''

This is an application as described in the German draft standard DIN V
66291-1. It is intended to be used by cards supporting the German
signature law and its bylaws (SigG and SigV).

The PKCS#15 card application ``p15''

This is a common framework for smart card applications. It is used by
gpgsm.

The Geldkarte card application ``geldkarte''

This is a simple application to display information of a German
Geldkarte. The Geldkarte is a small amount debit card application which
comes with almost all German banking cards.

    $ scdaemon --server -v

There are a few configuration files to control certain aspects of
scdaemon's operation. Unless noted, they are expected in the current
home directory (see: [option --homedir]).

scdaemon.conf
    This is the standard configuration file read by scdaemon on
    startup. It may contain any valid long option; the leading two
    dashes may not be entered and the option may not be abbreviated.
    This default name may be changed on the command line (see:
    [option --options]).

scd-event
    If this file is present and executable, it will be called on
    every card reader's status change. An example of this script is
    provided with the distribution.

reader_n.status
    This file is created by scdaemon to let other applications know
    about reader status changes. Its use is now deprecated in favor
    of ‘scd-event’.

gpg-agent(1), gpgsm(1), gpg2(1)

The full documentation for this tool is maintained as a Texinfo manual.
If GnuPG and the info program are properly installed at your site, the
command

    info gnupg

should give you access to the complete manual including a menu
structure and an index.

GnuPG 2.0.14 2018-07-13 SCDAEMON(1)