Required
Where is it?
In my case the smartcard wasn’t immediately available to gpg, despite it clearly showing up in lsusb.
You can check this with
gpg --card-statusThis command should output some information about the present smartcard. If the output looks like the desert scene out of an old western movie, it’s probably not being recognized correctly.
With WSL, gnupg apparently can’t simply access the device,
which would normally be made possible by installing libusb-compat.
To use the smartcard, we need to install pcsclite, which manages the smartcard,
as well as ccid, which is a generic CCID driver.
Then we enable and start the pcscd socket and service, which means it will be started, whenever needed
sudo systemctl enable pcscdsudo systemctl start pcscdAs described in the Arch Wiki page about GnuPG however, forwarding the smartcard to WSL will most likely throw errors.
Following the wiki on how to fix this, we simply add a new polkit rule to allow all users of the wheel group
(which our user is a part of), access to the smartcard.
The polkit rules are written in JavaScript and I chose to put this rule in /etc/polkit-1/rules.d/99-pcscd.rules.
polkit.addRule(function (action, subject) { if ( action.id == "org.debian.pcsc-lite.access_card" && subject.isInGroup("wheel") ) { return polkit.Result.YES; }});polkit.addRule(function (action, subject) { if ( action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("wheel") ) { return polkit.Result.YES; }});Restart the polkit.service
sudo systemctl restart polkit.serviceor even better, restart WSL (only restarting polkit didn’t work for me)
-
Terminal window exit -
Terminal window wsl.exe --shutdownarch.exe
In my case, it was still trying to connect to the smartcard using the integrated ccid,
so I needed to disable it by modifying/creating ~/.gnupg/scdaemon.conf
disable-ccid