Can't access D-Trust card with kleoprata / okular

I try to read my qes from a d-trust smart card (a german provider für qes). My card reader is: SCM uTrust SCR3500 C - USB Typ C SmartFold contact Reader. I have gpg-card version:

gpg-card --version
gpg-card (GnuPG) 2.4.4
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Using gpg-card (with reader and smart card plugged in) gives:

gpg-card
Error reading card: Card not present
gpg/card>

Accordingly I can’t use my certificates in kleopatra or okular (wich is my main problem, I want to sign PDFs).
But I’m able to see the reader, the smartcard and my certificates in firefox. pcsc_scan gives:

Using reader plug’n play mechanism
Scanning present readers…
0: Identiv SCR3500 C Contact Reader [CCID Interface] (55592327603370) 00 00

Fri May 2 16:25:51 2025
Reader 0: Identiv SCR3500 C Contact Reader [CCID Interface] (55592327603370) 00 00
Event number: 1
Card state: Card inserted, Shared Mode,
ATR: 3B D2 18 00 81 31 FE 58 C9 04 11

ATR: 3B D2 18 00 81 31 FE 58 C9 04 11
+ TS = 3B → Direct Convention
+ T0 = D2, Y(1): 1101, K: 2 (historical bytes)
TA(1) = 18 → Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TC(1) = 00 → Extra guard time: 0
TD(1) = 81 → Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = 31 → Y(i+1) = 0011, Protocol T = 1
-----
TA(3) = FE → IFSC: 254
TB(3) = 58 → Block Waiting Integer: 5 - Character Waiting Integer: 8
+ Historical bytes: C9 04
Category indicator byte: C9 (proprietary format)
+ TCK = 11 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
XX YY XX YY XX YY XX YY XX YY XX
Identity Card in Slovakia with security chip and e-signature issued after 2021-06-21 (eID)

Hi @triessner,
can you try getting more diagnostic information?

Add --verbose to the gpg-card call.

Check the system log (e.g. with journalctl) about what happens when you plug in the reader.

It could be your reader, can you try a different one?

Best Regards,
Bernhard

Hi!

sorry for getting back to you pretty late but I am not following the forum myself. To help me triaging your the problem, I need a debug log froms scdaemon. That is put

log-file /somewhere/scd.log
debug ipc,app,reader,cardio

into ~/.gnupg/scdaemon,conf (%APPDATA%\gnupg\scddaemon.conf on Windows) and restart scdameon using

gpgconf -K scdaemon

Then try again. With your somewhat older version I am not sure whether the PIN is redacted. Please check yourself in the log file (you will see them as hex, for example 123 is 31 32 33)

If you are on Linux or BSD please try also with the gnupg integrated reader code instead of PC/SC. That is stop pcscd and make sure that disable-ccid-driver is not set in scdaemon.conf.

now I’m sorry for getting back really late. Meanwhile I’ve updated openSuSE and my version of gpg-card is: 2.5.5. And I have additionally a new card from d-trust with version 5.1 and a reinersct cyberJack RFID komfort reader. But still the same behavior. I can see both cards in pcsc_scan with both readers. But gpg-card –verbose still gives only Error reading card: Card not present, on both readers. I added the ‘logfile’ and ‘debug’ options to the scdaemon.conf. But no log-file was created. journalctrl -f gives no obvious errors with the exception of

fwupd[2918]: 15:12:02.097 FuBackend failed to
create device: failed to probe: failed to open /sys/devices/pci0000:00/0000:00:14.0/ueven
t: to many open files
But in Firefox the certificates from the old d-trust card can be read nevertheless (not from the new one so far). Is there any chance to get the d-trust cards working with kleopatra?