Posts Tagged ‘cryptostick’

Fixing hanging Crypto Stick (and other USB peripherals) problems

Wednesday, December 28th, 2011

As you may or may not know, we use the Crypto Stick as our SSH authentication mechanism. Lately, some of us are experiencing ‘hanging’ every now-and-again. Yesterday, I found a blogpost on Ludovic Rousseau’s blog, detailing that this problem stems from a race condition in libusb. This problem is fixed in an experimental branch of libusb. As a full upgrade of libusb (from an experimental branch no less) is out of the question, I backported the patch to Ubuntu 11.04 (natty) and 11.11 (oneiric). These packages indeed solve the problem of the ‘hanging’ Crypto Stick (and probably every other ‘hanging’ USB device). Binary and source packages are available here in our repository. Or, you can add our repo to your sources.list:

  • Natty: deb natty-kumina main
  • Oneiric: deb oneiric-kumina main

Installing the Cryptostick in Ubuntu 11.04

Tuesday, July 5th, 2011

As you probably know by now: We have our SSH and PGP-keys on a CryptoStick. But getting it to work used to be somewhat harder than it is now. So without further ado: The (almost) foolproof way to get SSH and PGP working with the CryptoStick in Ubuntu:

  1. sudo apt-get install gpgsm libccid gnupg-agent
  2. Go to System > Preferences > Startup Applications and disable “SSH Key Agent”, “Secret Storage Service” and “Certificate and Key Storage” (You could possibly only disable the SSH Key Agent, but this is untested)
  3. gpg --card-edit and gpg/card> fetch to import your card public keys. Alternatively, setup your CryptoStick at this stage
  4. echo "enable-ssh-support" >> .gnupg/gpg-agent.conf
  5. Log out and back in
  6. DONE!

You should now see a pinentry program when SSH’ing or signing a message.

HowTo: Reset a cryptostick

Monday, February 21st, 2011

We use this cryptostick a lot and always thought that there was no way to reset it once you entered the admin PIN incorrectly three times. Well, there is a way to reset it! Found it here and describing it below for future reference.