SCDAEMON(1)                    GNU Privacy Guard                   SCDAEMON(1)

NAME

       scdaemon - Smartcard daemon for the GnuPG system

SYNOPSIS

       scdaemon [--homedir dir] [--options file] [options] --server
       scdaemon [--homedir dir] [--options file] [options] --daemon
              [command_line]

DESCRIPTION

       The scdaemon is a daemon to manage smartcards.  It is usually invoked
       by gpg-agent and in general not used directly.

COMMANDS

       Commands are not distinguished from options except for the fact that
       only one command is allowed.

       --version
              Print the program version and licensing information.  Note that
              you cannot abbreviate this command.

       --help, -h
              Print a usage message summarizing the most useful command-line
              options.  Note that you cannot abbreviate this command.

       --dump-options
              Print a list of all available options and commands.  Note that
              you cannot abbreviate this command.

       --server
              Run in server mode and wait for commands on the stdin.  The
              default mode is to create a socket and listen for commands
              there.

       --multi-server
              Run in server mode and wait for commands on the stdin as well as
              on an additional Unix Domain socket.  The server command GETINFO
              may be used to get the name of that extra socket.

       --daemon
              Run the program in the background.  This option is required to
              prevent it from being accidentally run in the background.

OPTIONS

       --options file
              Reads configuration from file instead of from the default per-
              user configuration file.  The default configuration file is
              named `scdaemon.conf' and expected in the `.gnupg' directory
              directly below the home directory of the user.

       --homedir dir
              Set the name of the home directory to dir.  If this option is
              not used, the home directory defaults to `~/.gnupg'.  It is only
              recognized when given on the command line.  It also overrides
              any home directory stated through the environment variable
              `GNUPGHOME' or (on W32 systems) by means of the Registry entry
              HKCU\Software\GNU\GnuPG:HomeDir.
       -v

       --verbose
              Outputs additional information while running.  You can increase
              the verbosity by giving several verbose commands to gpgsm, such
              as '-vv'.

       --debug-level level
              Select the debug level for investigating problems.  level may be
              one of:

              none   no debugging at all.

              basic  some basic debug messages

              advanced
                     more verbose debug messages

              expert even more detailed messages

              guru   all of the debug messages you can get

              How these messages are mapped to the actual debugging flags is
              not specified and may change with newer releases of this
              program.  They are however carefully selected to best aid in
              debugging.

              All debugging options are subject to change and thus should not
              be used by any application program.  As the name says, they are
              only used as helpers to debug problems.
       --debug flags
              This option is only useful for debugging and the behaviour may
              change at any time without notice.  FLAGS are bit encoded and
              may be given in usual C-Syntax.  The currently defined bits are:

              0 (1)  command I/O

              1 (2)  values of big number integers

              2 (4)  low level crypto operations

              5 (32) memory allocation

              6 (64) caching

              7 (128)
                     show memory statistics.

              9 (512)
                     write hashed data to files named dbgmd-000*

              10 (1024)
                     trace Assuan protocol

              11 (2048)
                     trace APDU I/O to the card.  This may reveal sensitive
                     data.
       --debug-all
              Same as --debug=0xffffffff

       --debug-wait n
              When running in server mode, wait n seconds before entering the
              actual processing loop and print the pid.  This gives time to
              attach a debugger.

       --debug-ccid-driver
              Enable debug output from the included CCID driver for
              smartcards.  Using this option twice will also enable some
              tracing of the T=1 protocol.  Note that this option may reveal
              sensitive data.

       --debug-disable-ticker
              This option disables all ticker functions like checking for card
              insertions.

       --debug-allow-core-dump
              For security reasons we won't create a core dump when the
              process aborts.  For debugging purposes it is sometimes better
              to allow a core dump.  This option enables it and also changes
              the working directory to `/tmp' when running in --server mode.
       --no-detach
              Don't detach the process from the console.  This is mainly
              useful for debugging.

       --log-file file
              Append all logging output to file.  This is very helpful in
              seeing what the agent actually does.
       --pcsc-driver library
              Use library to access the smartcard reader.  The current default
              is `libpcsclite.so'.  Instead of using this option you might
              also want to install a symbolic link to the default file name
              (e.g. from `libpcsclite.so.1').

       --ctapi-driver library
              Use library to access the smartcard reader.  The current default
              is `libtowitoko.so'.  Note that the use of this interface is
              deprecated; it may be removed in future releases.

       --disable-ccid
              Disable the integrated support for CCID compliant readers.  This
              allows falling back to one of the other drivers even if the
              internal CCID driver can handle the reader.  Note that CCID
              support is only available if libusb was available at build time.

       --reader-port number_or_string
              This option may be used to specify the port of the card
              terminal.  A value of 0 refers to the first serial device; add
              32768 to access USB devices.  The default is 32768 (first USB
              device).  PC/SC or CCID readers might need a string here; run
              the program in verbose mode to get a list of available readers.
              The default is then the first reader found.

              To get a list of available CCID readers you may use this
              command:

         echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
       --disable-keypad
              Even if a card reader features a keypad, do not try to use it.

       --allow-admin

       --deny-admin
              This enables the use of Admin class commands for card
              applications where this is supported.  Currently we support it
              for the OpenPGP card.  Deny is the default.  This command is
              useful to inhibit accidental access to Admin class commands,
              which could ultimately lock the card through wrong PIN numbers.

       --disable-application name
              This option disables the use of the card application named name.
              This is mainly useful for debugging or if an application with
              lower priority should be used by default.

              All the long options may also be given in the configuration file
              after stripping off the two leading dashes.
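
       Several of the options above are marked on this page as revealing
       sensitive data or weakening a safeguard, and all of them can also be
       set in scdaemon.conf.  The following shell function is an added
       example, not part of GnuPG, that lists such entries; it assumes one
       option per line, whitespace before the value, and `#' comment lines.

```shell
#!/bin/sh
# Added example, not part of scdaemon: list scdaemon.conf entries that this
# page marks as security-relevant. Config text is read from stdin.
# Assumptions: one option per line, whitespace before the value, '#' comments.
audit_scdaemon_conf() {
    while read -r opt val _rest || [ -n "$opt" ]; do
        case "$opt" in
            debug-all)
                echo "debug-all: every debug bit set, including APDU trace (bit 11)" ;;
            debug-ccid-driver)
                echo "debug-ccid-driver: CCID driver output may reveal sensitive data" ;;
            debug-allow-core-dump)
                echo "debug-allow-core-dump: core dumps are normally suppressed" ;;
            allow-admin)
                echo "allow-admin: Admin class commands on; wrong PINs can lock the card" ;;
            debug)
                # Accept only C-syntax integer literals, so config text never
                # reaches the arithmetic evaluator unchecked.
                case "$val" in
                    ''|0[xX]|0[xX]*[!0-9a-fA-F]*) ok=no ;;  # empty or bad hex
                    0[xX]*) ok=yes ;;
                    0*[!0-7]*) ok=no ;;                      # leading 0 is octal
                    *[!0-9]*) ok=no ;;
                    *) ok=yes ;;
                esac
                if [ "$ok" = no ]; then
                    echo "debug: unparsable value '$val'"
                    continue
                fi
                n=$(($val))
                if [ $((n & 2048)) -ne 0 ]; then
                    echo "debug $val: bit 11 set, APDU I/O trace may reveal sensitive data"
                fi
                if [ $((n & 512)) -ne 0 ]; then
                    echo "debug $val: bit 9 set, hashed data written to dbgmd-000* files"
                fi ;;
        esac
    done
}

# Constructed sample configuration, not taken from a real system.
audit_scdaemon_conf <<'EOF'
# smartcard daemon settings
log-file /var/log/scdaemon.log
debug 0x0c00
allow-admin
EOF
```

       To check a real file, feed it on stdin, for example
       `audit_scdaemon_conf < ~/.gnupg/scdaemon.conf'.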

CARD APPLICATIONS

       scdaemon supports the card applications as described below.

   The OpenPGP card application ``openpgp''

       This application is currently only used by gpg but may in future also
       be useful with gpgsm.

       The specification for such a card is available at
       (http://g10code.com/docs/openpgp-card-1.0.pdf).

   The Telesec NetKey card ``nks''

       This is the main application of the Telesec cards as available in
       Germany.  It is a superset of the German DINSIG card.  The card is
       used by gpgsm.

   The DINSIG card application ``dinsig''

       This is an application as described in the German draft standard DIN V
       66291-1.  It is intended to be used by cards supporting the German
       signature law and its bylaws (SigG and SigV).

   The PKCS#15 card application ``p15''

       This is a common framework for smart card applications.  It is used by
       gpgsm.

EXAMPLES

         $ scdaemon --server -v

FILES

       There are a few configuration files to control certain aspects of
       scdaemon's operation.  Unless noted, they are expected in the current
       home directory (see: [option --homedir]).

       scdaemon.conf
              This is the standard configuration file read by scdaemon on
              startup.  It may contain any valid long option; the leading two
              dashes may not be entered and the option may not be abbreviated.
              This default name may be changed on the command line (see:
              [option --options]).

       scd-event
              If this file is present and executable, it will be called on
              every card reader's status change.  An example of this script is
              provided with the distribution.

       reader_n.status
              This file is created by scdaemon to let other applications know
              about reader status changes.  Its use is now deprecated in favor
              of `scd-event'.

SEE ALSO

       gpg-agent(1), gpgsm(1), gpg2(1)

       The full documentation for this tool is maintained as a Texinfo manual.
       If GnuPG and the info program are properly installed at your site, the
       command

         info gnupg

       should give you access to the complete manual including a menu
       structure and an index.

GnuPG 2.0.8                       2008-01-24                       SCDAEMON(1)