
Mailing List Archive: GnuPG: devel

Issues with smart card since update to FC16

 

 



greve at fsfeurope

Dec 23, 2011, 2:10 PM


Hi all,

I've been using the Fellowship smart card for years under Debian and Fedora,
up until updating to Fedora 16.

Ever since, I keep having issues that are, well, odd.

Take the following instructions of pinentry-qt4 upon trying to decrypt an
email in Kontact (screenshot attached). This is the gpg --card-status output
for the very same card:

Application ID ...: D2760001240101010001000003500000
Version ..........: 1.1
Manufacturer .....: PPC Card Systems
Serial number ....: 00000350
Name of cardholder: Georg C.F. Greve
Language prefs ...: ende
Sex ..............: male
URL of public key : http://gnuhh.org/greve-public.asc
Login data .......: greve
Private DO 1 .....: [not set]
Private DO 2 .....: [7] Georg C. F. Greve <greve [at] fsfe>
CA fingerprint 1 .: C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5
Signature PIN ....: not forced
Key attributes ...: 1024R 1024R 1024R
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 0 3
Signature counter : 48318
Signature key ....: E2E7 DABF 1B6D 948E A55E 07B4 293D B14C B7DB 041C
created ....: 2005-05-02 11:35:48
Encryption key....: ECDA 0869 1DCE 2C60 C265 281D F953 D01F 7DF1 6B24
created ....: 2005-05-02 11:36:44
Authentication key: DF41 4ED5 A2C5 42D7 BF92 67D1 4742 F5AD 5378 AB47
created ....: 2005-05-02 11:37:16
General key info..: pub 1024R/B7DB041C 2005-05-02 Georg C. F. Greve (Kolab Systems AG, CEO) <greve [at] kolabsys>
sec# 1024D/86574ACA created: 1999-02-20 expires: never
ssb> 1024R/B7DB041C created: 2005-05-02 expires: never
card-no: 0001 00000350
ssb> 1024R/7DF16B24 created: 2005-05-02 expires: never
card-no: 0001 00000350
ssb> 1024R/5378AB47 created: 2005-05-02 expires: never
card-no: 0001 00000350

When trying to decrypt a file on the command line, I get:

gpg: anonymous recipient; trying secret key C3C6A26D ...
gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/faq/why-not-idea.html for more information
gpg: anonymous recipient; trying secret key 7487FC5D ...
gpg: anonymous recipient; trying secret key A1783953 ...
gpg: anonymous recipient; trying secret key B7DB041C ...
gpg: fingerprint on card does not match requested one
gpg: anonymous recipient; trying secret key 7DF16B24 ...

Please enter the PIN
gpg: verify CHV2 failed: invalid passphrase
gpg: anonymous recipient; trying secret key 5378AB47 ...
gpg: fingerprint on card does not match requested one
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with ELG-E key, ID 00000000
gpg: decryption failed: secret key not available

when entering the correct PIN.


Trying to ssh into another machine does not even attempt smart card
authentication, which I guess may have to do with my running the agent without
scdaemon support, via:

--disable-scdaemon --pinentry-program /usr/bin/pinentry-qt4 --enable-ssh-support --daemon --sh --write-env-file=/home/greve/.gpg-agent-info

So I guess the key should be listed in .gnupg/sshcontrol, which it is not.

But then, ssh-add -l, which I guess should add it, tells me:

The agent has no identities.


The environment variables in the session look okay, I guess:

declare -x GPG_AGENT_INFO="/home/greve/.gnupg/S.gpg-agent:1750:1"
declare -x SSH_AGENT_PID="1750"
declare -x SSH_ASKPASS="/usr/libexec/openssh/gnome-ssh-askpass"
declare -x SSH_AUTH_SOCK="/home/greve/.gnupg/S.gpg-agent.ssh"

and the pinentry dialogue pops up as expected.


So what's going on? Did something change to which I should have adapted my
setup when upgrading to FC 16? Or is this an issue with the new kernel series?
Or something else?

Pointers appreciated.

Best regards,
Georg


--
Georg C. F. Greve <greve [at] fsfeurope>
Member of the General Assembly
http://fsfe.org/about/greve/
http://blogs.fsfe.org/greve/
http://identi.ca/greve
Attachments: agent.png (15.5 KB)
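
Added example, not part of the original post and not GnuPG code: a small parser for the `gpg --card-status` output quoted above that lists retry counters reading 0 and maps the key IDs from the decryption log to card slots. The sample is constructed from lines in the post; the naming of the three counters by card version is an assumption stated in the code.

```python
import re

# Constructed sample: the relevant lines of the `gpg --card-status` output quoted in the post.
SAMPLE = """\
Version ..........: 1.1
PIN retry counter : 3 0 3
Signature key ....: E2E7 DABF 1B6D 948E A55E 07B4 293D B14C B7DB 041C
Encryption key....: ECDA 0869 1DCE 2C60 C265 281D F953 D01F 7DF1 6B24
Authentication key: DF41 4ED5 A2C5 42D7 BF92 67D1 4742 F5AD 5378 AB47
"""

def parse_card_status(text):
    """Return {label: value} for every 'Label ....: value' line (first occurrence wins)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z0-9. ]*?)[ .]*: ?(.*)$", line)
        if m:
            fields.setdefault(m.group(1).strip(), m.group(2).strip())
    return fields

def exhausted_counters(fields):
    """Names of the retry counters that read 0 (no verification attempts left)."""
    major = int(fields["Version"].split(".")[0])
    # Assumption: v1.x cards report CHV1, CHV2, CHV3; v2+ cards report PW1, Reset Code, PW3.
    # On v2+ cards a Reset Code counter of 0 commonly just means no reset code is set.
    names = ("CHV1", "CHV2", "CHV3") if major < 2 else ("PW1", "Reset Code", "PW3")
    counters = [int(n) for n in fields["PIN retry counter"].split()]
    return [name for name, left in zip(names, counters) if left == 0]

def slot_for_keyid(fields, keyid):
    """Card slot whose fingerprint ends in keyid (short or long key ID), or None."""
    for slot in ("Signature key", "Encryption key", "Authentication key"):
        fpr = fields.get(slot, "").replace(" ", "")
        if keyid and fpr.endswith(keyid.upper()):
            return slot
    return None

if __name__ == "__main__":
    card = parse_card_status(SAMPLE)
    print("counters at 0:", exhausted_counters(card))
    for kid in ("B7DB041C", "7DF16B24", "5378AB47"):  # key IDs tried in the decryption log
        print(kid, "->", slot_for_keyid(card, kid))
```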
