[Pkg-gnupg-maint] Bug#775559: gnupg2: New default hashing (SHA256) signing fails with cryptostick/nitrokey (storage version)

Luca Bruno lucab at debian.org
Sat Jan 17 11:55:47 UTC 2015 

Package: gnupg2
Version: 2.0.26-4
Severity: important

With the latest gnupg2 package targeted for the Jessie, defaulting hashing
algorithm has been changed to SHA256. This broke my smartcard setup using a
cryptostick/nitrokey (storage version, latest 0.18 firmware) as signing now fails with:

$ gpg --armor -s pippo.txt 
gpg: sending command `SCD PKSIGN' to agent failed: ec=6.32817
gpg: signing failed: general error
gpg: signing failed: general error

After that, scdaemon and/or gpg-agent got really confused and I have to replug
the dongle to get it working again.
I saw that switching back the default hashing algorithm to SHA1 works, so for the 
time being I have to use the following line in my gpg.conf:

personal-digest-preferences SHA1

I'm not sure if it is a firmware or gnupg2 bug, as such I'm also CC:ing nitrokey
makers (Jan and George) here.

My current setup is with 3x4096 keys on the dongle, and I'm experiencing this failure
both with scdaemon and pcscd.
When signing fails, I see the following in my scdaemon debug log:

scdaemon[7609]: chan_10 -> OK GNU Privacy Guard's Smartcard server ready
scdaemon[7609]: chan_7 <- SETDATA D4C076C2A0E30219D4631EDF85E8844C41EA950A8549D0B3A7BD4D18D550CD8A
scdaemon[7609]: chan_7 -> OK
scdaemon[7609]: chan_10 <- SERIALNO
scdaemon[7609]: chan_10 -> S SERIALNO <MY_SERIALNO> 0
scdaemon[7609]: chan_10 -> OK
scdaemon[7609]: chan_7 <- PKSIGN --hash=sha256 <MY_SERIALNO>/<MY_SIGNING_KEYID>
2015-01-17 12:21:02 scdaemon[7609] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2015-01-17 12:21:02 scdaemon[7609] DBG:  response: sw=9000  datalen=217
2015-01-17 12:21:02 scdaemon[7609] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
2015-01-17 12:21:02 scdaemon[7609] DBG:  response: sw=9000  datalen=5
2015-01-17 12:21:02 scdaemon[7609] signatures created so far: 261
2015-01-17 12:21:02 scdaemon[7609] DBG: asking for PIN '||Please enter the PIN%0A[sigs done: 261]'
scdaemon[7609]: chan_7 -> INQUIRE NEEDPIN ||Please enter the PIN%0A[sigs done: 261]
scdaemon[7609]: chan_10 <- GETATTR APPTYPE
scdaemon[7609]: chan_10 -> S APPTYPE OPENPGP
scdaemon[7609]: chan_10 -> OK
scdaemon[7609]: chan_7 <- [ XX XX XX ...(76 byte(s) skipped) ]
scdaemon[7609]: chan_7 <- END
2015-01-17 12:21:07 scdaemon[7609] DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
2015-01-17 12:21:07 scdaemon[7609] DBG:  raw apdu: 00 20 00 81 06 31 34 30 37 32 32
2015-01-17 12:21:07 scdaemon[7609] DBG:  response: sw=9000  datalen=0
2015-01-17 12:21:07 scdaemon[7609] DBG:     dump:  
2015-01-17 12:21:07 scdaemon[7609] DBG: send apdu: c=00 i=2A p1=9E p2=9A lc=51 le=2048 em=1
2015-01-17 12:21:30 scdaemon[7609] ccid_transceive failed: (0x1000a)
2015-01-17 12:21:30 scdaemon[7609] apdu_send_simple(0) failed: card I/O error
2015-01-17 12:21:30 scdaemon[7609] operation sign result: Input/output error
2015-01-17 12:21:30 scdaemon[7609] app_sign failed: Input/output error
scdaemon[7609]: chan_7 -> ERR 100696113 Input/output error <SCD>

(I removed some raw apdu data dumps, as I'm not sure about leaking data).

Some comments:
 * Looking at the timestamp, once can see a few seconds gap and then the scdaemon 
   declaring I/O error; in that meanwhile, I see the activity led on the dongle 
   staying "fixed on red" and turning off only few seconds after. Some timeout too short?
 * I see a response with datalen=0, but I don't know the protocol. 
   Maybe something went wrong there?
 * Using SHA1, operation succeeds and the dongle response apdu is
   "response: sw=9000  datalen=511"

I'm filing this here as cryptostick/nitrokey users may find it non-working out of the box in
Debian Jessie, while for it was ok until the last week. Just to be clear, above workaround 
works and I'm not suggesting to revert the default. However, I would like to see this properly
fixed.

@Jan, George: can you reproduce this? If not, I'm currently based in Berlin and I'll be glad to
meet to help inspecting this.

Cheers, Luca

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg             1.17.23
ii  gnupg-agent      2.0.26-4
ii  install-info     5.2.0.dfsg.1-6
ii  libassuan0       2.1.2-2
ii  libbz2-1.0       1.0.6-7+b2
ii  libc6            2.19-13
ii  libcurl3-gnutls  7.38.0-4
ii  libgcrypt20      1.6.2-4+b1
ii  libgpg-error0    1.17-3
ii  libksba8         1.3.2-1
ii  libreadline6     6.3-8+b3
ii  zlib1g           1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  libldap-2.4-2  2.4.40-3

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

More information about the Pkg-gnupg-maint mailing list