[pkg-gnupg-maint] missing feature in gnupg1 (1.4.21-3)
Micha Borrmann
micha.borrmann at syss.de
Mon Mar 27 11:32:41 UTC 2017
On 15.03.2017 at 11:15, Werner Koch wrote:
> On Tue, 14 Mar 2017 20:29, dkg at fifthhorseman.net said:
>
>> from the given subshell you should be able to use "help" to see things
>> about gpg-agent, and the "scd" subcommand (e.g. "scd help") to inspect
>
> For _debugging_ it might also be useful to put
>
> log-file tcp://1.2.3.4:PORTNO
> verbose
> debug ipc,reader,cardio
>
> into scdaemon.conf and
>
> log-file tcp://1.2.3.4:PORTNO
> verbose
> debug ipc
>
> into gpg-agent.conf. Then run
>
> watchgnupg --tcp PORTNO
>
> on 1.2.3.4. Use only a test PIN etc.
ok, now I was able to debug it.
Here is the output of the console after I entered an invalid PIN (with the valid PIN it is always the same):
gpg: cannot open /dev/tty': No such device or address
Reader ...........: 058F:9540:X:0
Application ID ...: D2760001240102010005000045EC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 000045EC
Name of cardholder: Micha Borrmann
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa2048 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 491
Signature key ....: F2E7 C6A5 9950 84ED 7AD6 0DD4 EDBE 26E7 14EA 5876
created ....: 2016-02-17 15:26:16
Encryption key....: ADB2 069E 7A1A 6558 2966 47A1 4E81 F234 C254 AF58
created ....: 2016-02-17 15:26:16
Authentication key: EEE0 138F C87E 164B E6D8 3ED9 3768 D170 FA56 C0D6
created ....: 2016-02-17 15:26:16
General key info..: Enter smartcard PIN or passphrase for key /etc/keys/cryptkey.gpg:
gpg: starting migration from earlier GnuPG version
gpg: porting secret keys from '/etc/keys/secring.gpg' to gpg-agent
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: migration succeeded
gpg: decryption failed: Invalid cipher algorithm
cryptsetup (sda3_crypt): cryptsetup failed, bad password or options?
gpg: cannot open /dev/tty': No such device or address
Reader ...........: 058F:9540:X:0
Application ID ...: D2760001240102010005000045EC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 000045EC
Name of cardholder: Micha Borrmann
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa2048 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 491
Signature key ....: F2E7 C6A5 9950 84ED 7AD6 0DD4 EDBE 26E7 14EA 5876
created ....: 2016-02-17 15:26:16
Encryption key....: ADB2 069E 7A1A 6558 2966 47A1 4E81 F234 C254 AF58
created ....: 2016-02-17 15:26:16
Authentication key: EEE0 138F C87E 164B E6D8 3ED9 3768 D170 FA56 C0D6
created ....: 2016-02-17 15:26:16
General key info..: Enter smartcard PIN or passphrase for key /etc/keys/cryptkey.gpg:
The result of watchgnupg is attached to this e-mail.
Maybe these lines describe the problem (the smartcard was not taken out of the reader):
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: apdu_open_reader: new device=30200
7 - 2017-03-27 13:08:05 scdaemon[271]: ccid open error: skip
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: enter: apdu_open_reader: portstr=(null)
7 - 2017-03-27 13:08:05 scdaemon[271]: pcsc_establish_context failed: no service (0x8010001d)
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: leave: apdu_open_reader => slot=-1 [pc/sc]
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: chan_5 -> ERR 100696144 No such device <SCD>
6 - 2017-03-27 13:08:05 gpg-agent[269]: DBG: chan_11 <- ERR 100696144 No such device <SCD>
6 - 2017-03-27 13:08:05 gpg-agent[269]: DBG: no device present
6 - 2017-03-27 13:08:05 gpg-agent[269]: smartcard decryption failed: Card not present
6 - 2017-03-27 13:08:05 gpg-agent[269]: command 'PKDECRYPT' failed: Card not present
6 - 2017-03-27 13:08:05 gpg-agent[269]: DBG: chan_9 -> ERR 67108976 Card not present <GPG Agent>
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: chan_5 <- RESTART
As described in the past, decryption works with the symmetric passphrase of /etc/keys/cryptkey.gpg but not with the PIN.
If I use GnuPG 1, everything is fine.
Thanks for helpful hints.
Regards,
Micha Borrmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: watchgnupg.log
Type: text/x-log
Size: 52573 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170327/d16214b5/attachment.bin>
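Added example, not part of the original e-mail or of GnuPG: one way to read a watchgnupg capture like the one quoted above, finding the first real failure line and decoding the numeric Assuan ERR values into error source and error code. The function names are hypothetical, and the bit layout used (source in bits 24-30, code in the low 16 bits, bit 15 marking a wrapped system error) is the libgpg-error encoding.

```python
import re

# Sample input: a subset of the watchgnupg lines quoted in the message above.
SAMPLE = """\
7 - 2017-03-27 13:08:05 scdaemon[271]: ccid open error: skip
7 - 2017-03-27 13:08:05 scdaemon[271]: pcsc_establish_context failed: no service (0x8010001d)
7 - 2017-03-27 13:08:05 scdaemon[271]: DBG: chan_5 -> ERR 100696144 No such device <SCD>
6 - 2017-03-27 13:08:05 gpg-agent[269]: DBG: chan_11 <- ERR 100696144 No such device <SCD>
6 - 2017-03-27 13:08:05 gpg-agent[269]: command 'PKDECRYPT' failed: Card not present
6 - 2017-03-27 13:08:05 gpg-agent[269]: DBG: chan_9 -> ERR 67108976 Card not present <GPG Agent>
"""

LINE = re.compile(r"^\s*(\d+) - (\S+ \S+) ([\w-]+)\[(\d+)\]: (.*)$")
ERR = re.compile(r"chan_\d+ (->|<-) ERR (\d+) (.*?)(?: <([^>]+)>)?$")
# libgpg-error layout: bits 24-30 = error source, low 16 bits = error code,
# bit 15 of the code marks a wrapped system error.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK, SYSTEM_ERROR = 24, 0x7F, 0xFFFF, 0x8000

def decode_err(value):
    """Split a numeric Assuan ERR value into (source, code, is_system_error)."""
    code = value & CODE_MASK
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, code, bool(code & SYSTEM_ERROR)

def parse(text):
    """Yield one dict per watchgnupg line; ERR lines get decoded fields."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a log record
        conn, ts, prog, pid, msg = m.groups()
        rec = {"conn": int(conn), "time": ts, "prog": prog, "pid": int(pid), "msg": msg}
        e = ERR.search(msg)
        if e:
            src, code, is_sys = decode_err(int(e.group(2)))
            rec.update(direction=e.group(1), source=src, code=code,
                       system=is_sys, text=e.group(3), origin=e.group(4))
        yield rec

def first_failure(text):
    """Return the earliest non-debug 'failed' line and every ERR that was sent ('->')."""
    recs = list(parse(text))
    root = next((r for r in recs if not r["msg"].startswith("DBG:")
                 and "failed" in r["msg"]), None)
    sent = [r for r in recs if r.get("direction") == "->"]
    return root, sent

if __name__ == "__main__":
    root, sent = first_failure(SAMPLE)
    print(root["msg"], [(r["prog"], r["source"], r["code"]) for r in sent])
```

On the sample, the earliest failure is scdaemon's `pcsc_establish_context failed` line, which precedes both the `No such device` error scdaemon returns and the `Card not present` error gpg-agent passes on.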