@geor-g
Forked from feklee/README.md
Created February 11, 2019 00:21
GnuPG on Termux for accessing USB smart card reader

Prerequisites

  • smart card reader supported by GnuPG

    I use the SCM332 V2 with an OTG adapter to connect it to my Xiaomi Mi A2.

  • root access from Termux

  • libusb-dev available in the Termux root repo

  • a bunch of additional packages

    I didn’t keep track of which packages are needed in particular, so here’s a list of all the packages that I currently have installed:

    apt, autoconf, automake, bash, binutils, busybox, ca-certificates, clang, command-not-found, coreutils, darkhttpd, dash, diffutils, dirmngr, dpkg, emacs, findutils, gawk, gdbm, gettext, git, glib, gnupg, gnutls, golang, gpgv, grep, hunspell, hunspell-en-us, ldns, less, libandroid-glob, libandroid-support, libandroid-support-dev, libassuan, libassuan-dev, libbz2, libc++, libcroco, libcrypt, libcrypt-dev, libcurl, libedit, libffi, libgcrypt, libgcrypt-dev, libgmp, libgnutls, libgnutls-dev, libgpg-error, libgpg-error-dev, libidn, libidn2, libidn2-dev, libksba, libksba-dev, libllvm, libltdl, liblzma, libmpfr, libnettle, libnettle-dev, libnghttp2, libnpth, libnpth-dev, libsqlite, libtalloc, libtool, libunistring, libusb, libusb-dev, libutil, libxml2, lynx, m4, make, man, ncurses, ncurses-ui-libs, ndk-stl, ndk-sysroot, openssh, openssl, pcre, pcre2, perl, pinentry, proot, python, python-dev, readline, readline-dev, resolv-conf, screen, sed, termux-am, termux-api, termux-exec, termux-tools, texinfo, tsu, vim, vim-runtime

Build instructions

$ cd
$ mkdir -p src
$ cd src
$ git clone git://git.gnupg.org/gnupg.git # note: git:// is neither encrypted nor authenticated
$ cd gnupg
$ git checkout gnupg-2.2.12 # matches GnuPG in Termux
$ export C_INCLUDE_PATH="$PREFIX/include/:$PREFIX/include/libusb-1.0/:$PREFIX/include/libandroid-support"
$ ./autogen.sh
$ ./configure --enable-maintainer-mode --disable-doc --with-pinentry-pgm="$PREFIX/bin/pinentry-curses" --with-scdaemon-pgm="$PWD/scd/scdaemon" --host=aarch64-unknown-linux-android
$ make -j 4

Passing --host to configure is necessary because otherwise Android is not detected:

$ ./build-aux/config.guess
aarch64-unknown-linux-gnu

Detection test

  1. If connected, disconnect the card reader from your phone.

  2. Become root and stop any running instances of the GnuPG agent:

    $ tsu
    $ gpgconf --kill all
    
  3. Still as root, start the newly built agent:

    $ "$HOME/src/gnupg/agent/gpg-agent" --homedir "$HOME/.gnupg/" --daemon
    

    Then give the ordinary user access to the socket created by the agent. Replace u0_a88 with the Termux user name on your device:

    $ chown -R u0_a88:u0_a88 ~/.gnupg
    

    And end your session as root:

    $ exit
    
  4. From now on, you can continue with the GnuPG that comes with Termux. It is compatible with the GnuPG that was just installed.

  5. Connect reader to phone and insert card.

  6. Check the card’s status:

    $ gpg --card-status
    […]
    gpg: WARNING: unsafe ownership on homedir '/data/data/com.termux/files/home/.gnupg'
    gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
    gpg: It is only intended for test purposes and should NOT be
    gpg: used in a production environment or with production keys!
    Reader ...........: XXXX:XXXX:XXXXXXXXXXXXXX:X
    Application ID ...: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Version ..........: 2.1
    Manufacturer .....: ZeitControl
    Serial number ....: XXXXXXXX
    […]
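
The warning `unsafe ownership on homedir` in the output above is what gpg prints when the home directory is not owned by the user running it. The script below is an added example, not part of the original gist: it lists anything under the GnuPG home directory that is not owned by the given uid (for instance a socket left behind by the root-started agent in step 3) and checks that the directory grants nothing to group or other. Its function names are hypothetical, and it assumes `find` and a `stat` that supports `-c`.

```shell
#!/bin/sh
# Added example (not from the gist): audit a GnuPG home directory after a
# root-started gpg-agent has run in it and ownership was handed back.
# Function names are hypothetical. Assumes find(1) and a stat(1) with -c.

# List every entry under DIR whose owner is not the numeric uid WANT_UID.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Succeed only if DIR grants nothing to group or other (e.g. mode 700).
private_mode() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Return 0 if DIR is clean, 1 if findings were reported, 2 if DIR is missing.
audit_gnupg_home() {
    dir=$1 uid=$2 rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(foreign_owned "$dir" "$uid")
    if [ -n "$bad" ]; then
        echo "not owned by uid $uid (socket or keys left with another user):" >&2
        printf '%s\n' "$bad" | sed 's/^/  /' >&2
        rc=1
    fi
    if ! private_mode "$dir"; then
        echo "group/other can access $dir (mode $mode)" >&2
        rc=1
    fi
    return "$rc"
}

# Run as the ordinary Termux user: sh <this script> "$HOME/.gnupg" "$(id -u)"
if [ $# -eq 2 ]; then
    audit_gnupg_home "$1" "$2"
fi
```

A non-zero exit after step 3 means the `chown` did not cover everything the root session created.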
    

Note: It could be interesting to try updating the permissions of the USB device files so that the agent doesn’t need to be started as the root user. However, so far I didn’t succeed; see also my post on serverfault.com.
