- smart card reader supported by GnuPG
  I use 0.332, a mod of the SCM332 V2 which is comparatively light and small. Previously, I was simply using the SCM332 V2 directly with an OTG adapter.
- root access from Termux
- libusb-dev, available in the Termux root repo
- a bunch of additional packages
  I didn’t keep track of which packages are needed in particular, so here’s a list of all the packages that I currently have installed:
  apt, autoconf, automake, bash, binutils, busybox, ca-certificates, clang, command-not-found, coreutils, darkhttpd, dash, diffutils, dirmngr, dpkg, emacs, findutils, gawk, gdbm, gettext, git, glib, gnupg, gnutls, golang, gpgv, grep, hunspell, hunspell-en-us, ldns, less, libandroid-glob, libandroid-support, libandroid-support-dev, libassuan, libassuan-dev, libbz2, libc++, libcroco, libcrypt, libcrypt-dev, libcurl, libedit, libffi, libgcrypt, libgcrypt-dev, libgmp, libgnutls, libgnutls-dev, libgpg-error, libgpg-error-dev, libidn, libidn2, libidn2-dev, libksba, libksba-dev, libllvm, libltdl, liblzma, libmpfr, libnettle, libnettle-dev, libnghttp2, libnpth, libnpth-dev, libsqlite, libtalloc, libtool, libunistring, libusb, libusb-dev, libutil, libxml2, lynx, m4, make, man, ncurses, ncurses-ui-libs, ndk-stl, ndk-sysroot, openssh, openssl, pcre, pcre2, perl, pinentry, proot, python, python-dev, readline, readline-dev, resolv-conf, screen, sed, termux-am, termux-api, termux-exec, termux-tools, texinfo, tsu, vim, vim-runtime
$ cd
$ mkdir -p src
$ cd src
$ git clone git://git.gnupg.org/gnupg.git
$ cd gnupg
$ git checkout gnupg-2.2.12 # matches GnuPG in Termux
$ export C_INCLUDE_PATH="$PREFIX/include/:$PREFIX/include/libusb-1.0/:$PREFIX/include/libandroid-support"
$ ./autogen.sh
$ ./configure --enable-maintainer-mode --disable-doc --with-pinentry-pgm="$PREFIX/bin/pinentry-curses" --with-scdaemon-pgm="$PWD/scd/scdaemon" --host=aarch64-unknown-linux-android
$ make -j 4
Specifying the host to configure is necessary because otherwise Android is not detected:
$ ./build-aux/config.guess
aarch64-unknown-linux-gnu
- If connected, disconnect the card reader from your phone.
- Stop any running instances of the GnuPG Agent:
  $ tsu
  $ gpgconf --kill all
- As root, start the agent after killing any running instances:
  $ "$HOME/src/gnupg/agent/gpg-agent" --homedir "$HOME/.gnupg/" --daemon
  Then give the ordinary user access to the socket created by the agent (u0_a88 is the Termux app user on this device; yours will differ, check with id -un in a non-root session):
  $ chown -R u0_a88.u0_a88 ~/.gnupg
  And end your session as root:
  $ exit
- From now on, you can continue with the GnuPG that comes with Termux. It is compatible with the GnuPG that was just installed.
- Connect reader to phone and insert card.
- Check the card’s status:
  $ gpg --card-status
  […]
  gpg: WARNING: unsafe ownership on homedir '/data/data/com.termux/files/home/.gnupg'
  gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
  gpg: It is only intended for test purposes and should NOT be
  gpg: used in a production environment or with production keys!
  Reader ...........: XXXX:XXXX:XXXXXXXXXXXXXX:X
  Application ID ...: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  Version ..........: 2.1
  Manufacturer .....: ZeitControl
  Serial number ....: XXXXXXXX
  […]
Note: It could be interesting to try updating the permissions of the USB device files so that the agent doesn’t need to be started as the root user. However, so far I didn’t succeed; see also my post on serverfault.com.
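The chown step above hard-codes the Termux user, and the card-status output still shows an "unsafe ownership on homedir" warning. The following is an added example, not part of the original gist: the function names are hypothetical, and it assumes that $HOME is owned by the Termux app user and that GNU stat -c and find -perm /MODE are available. It derives the owner from $HOME, hands the homedir back without following symlinks, and audits the result.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.
# Assumes stat -c and find -perm /MODE (GNU coreutils/findutils, both in
# the package list above) and that $HOME is owned by the Termux app user.

# Print the numeric uid:gid owning PATH, e.g. owner_of "$HOME".
owner_of() {
    stat -c '%u:%g' "$1"
}

# List entries under DIR (arg 1) whose owner or group differs from
# UID:GID (arg 2), or that have any group/other permission bit set.
# No output means the homedir is clean.
audit_gnupg_home() {
    find "$1" \( ! -user "${2%%:*}" -o ! -group "${2##*:}" \
        -o \( ! -type l -perm /077 \) \) -print
}

# Hand DIR (arg 1) back to UID:GID (arg 2) and drop group/other access.
# -h changes symlinks themselves instead of following them, which matters
# when root runs a recursive chown inside a user-writable directory.
repair_gnupg_home() {
    chown -hR "$2" "$1" && chmod -R go-rwx "$1"
}

# Typical use in the root session, before "exit":
#   repair_gnupg_home "$HOME/.gnupg" "$(owner_of "$HOME")"
#   audit_gnupg_home  "$HOME/.gnupg" "$(owner_of "$HOME")"
```

If the audit still prints paths after the repair, the agent was most likely restarted as root and has recreated files under the homedir.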
@levinuss OK, so I just reactivated my old half-broken Xiaomi Mi A2. That’s the device on which I successfully tested the instructions in this gist. After rooting the A2, I copied over the Termux installation from my OnePlus 6T. Result: Same as on the 6T, the smartcard reader is not detected anymore. So the issue doesn’t seem to be related to hardware. If it’s not caused by Termux, then it could be an issue with Android Pie. Next step could be looking at the logs.