[pkg-gnupg-maint] missing feature in gnupg1 (1.4.21-3)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Mar 17 14:09:13 UTC 2017
On Fri 2017-03-17 02:54:15 -0400, Micha Borrmann wrote:
> With GnuPG1 the "General key info" is displayed (see below)
sorry, micha, i didn't see anything about this below.
> on my normal Linux system the command works fine. I've tested it just
> in this moment:
>
> # /lib/cryptsetup/askpass "Enter smartcard PIN or passphrase for key /etc/keys/cryptkey.gpg: " | /usr/bin/gpg2 --quiet --batch --homedir "$(dirname /etc/keys/cryptkey.gpg)" --trustdb-name /dev/null --pinentry-mode=loopback --passphrase-fd 0 --decrypt /etc/keys/cryptkey.gpg
> Enter smartcard PIN or passphrase for key /etc/keys/cryptkey.gpg: ********
>
> and the decrypted content will be displayed on the screen if the PIN
> was typed correctly. However, also in initramfs the decryption works
> but only with the symmetric passphrase of /etc/keys/cryptkey.gpg and
> not with smart card and PIN.
>
> The following lines in /lib/cryptsetup/scripts/decrypt_gnupg_sc are
> running fine (but it's GnuPG1).
>
> /usr/bin/gpg1 --card-status >&2
> if ! /lib/cryptsetup/askpass \
>     "Enter smartcard PIN or passphrase for key $1: " | \
>     /usr/bin/gpg1 --quiet --batch --homedir "$(dirname $1)" \
>     --trustdb-name /dev/null --passphrase-fd 0 --decrypt $1; then
>     return 1
> fi
>
> For me it was not possible to use it with GnuPG2 and that is the only
> reason that I need GnuPG1 with smart card support.
>
> It would be nice to find a way to use it with GnuPG2.
gniibe, maybe you can provide better debugging next-steps? have you
ever used scdaemon in the initramfs?
--dkg