Mailing List Archive: GnuPG: users

Cant get Fellowship card to work

Index | Next | Previous | View Threaded

mcse83 at hotmail

Jul 7, 2009, 1:24 PM

Post #1 of 7 (1448 views)
Permalink

Cant get Fellowship card to work

Hello Everyone,

I bought myself an SCM' SCR3340 ExpressCard smart card reader for my
laptop. I also signed up for a Fellowship smart card at:

http://fellowship.fsfe.org/card.en.html

I run Vista with SP2 and I have GnuPG 1.4.9 installed. When I go to a
command line and run the following command:

gpg --card-status

or

gpg --card-edit

I get the following error:

gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: pcsc_connect failed: removed card (0x80100069)
gpg: card reader not available
gpg: OpenPGP card not available: general error

I *know* my smart card reader has been installed correctly as I can see
it in device manager. I have even updated to the latest drivers today
and firmware. For some reason I just cant read my Fellowship card.

Can anyone help please? Is it a hardware issue? An incompatible smart
card reader?

I have also just ordered 3 of the new OpenPGP cards (that supprt 3072
but keys) and I am REALLY hoping I dont have the same problem like I am
with the Fellowship card ;-(

Thank you.

Attachments:

smime.p7s (5.45 KB)

wk at gnupg

Jul 8, 2009, 1:20 AM

Post #2 of 7 (1371 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

On Tue, 7 Jul 2009 22:24, mcse83 [at] hotmail said:

> gpg: detected reader `AKS ifdh 0'
> gpg: detected reader `AKS ifdh 1'
> gpg: detected reader `AKS VR 0'
> gpg: detected reader `Aladdin Token JC 0'
> gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
> gpg: pcsc_connect failed: removed card (0x80100069)

You have several readers installed. By default gpg uses the first one.
Put this line into ~/.gnupg/gpg.conf :

reader-port "SCM Microsystems Inc. SCR3340 ExpressCard Reader 0"

I have not seen any reports about thsi reader; thus please report the outcome.

> I have also just ordered 3 of the new OpenPGP cards (that supprt 3072
> but keys) and I am REALLY hoping I dont have the same problem like I am
> with the Fellowship card ;-(

You will have different problem ;-). gpg 1.4.9 does not yet support
these cards. The forthcoming 1.4.10 will have at least limited support.

In general I suggest to use GnuPG 2.0.12 plus the patches I recently
posted (or under Windows gpg4win-2.0.0rc1 which already includes these
patches). GnuPG 2.0.13 is also close to a release.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

mcse83 at hotmail

Sep 6, 2009, 1:55 PM

Post #3 of 7 (1174 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

The SCM Microsystems Inc. SCR3340 ExpressCard Reader seems to work as it
can read the OpenPGP 2.0 card (I do have problems writing changes to it
though, see below).

I have just upgraded to GPG 1.4.10 but when I try to create a key pair
on the OpenPGP 2.0 card it says:

An undefined error occurred (this is when I do it using OpenPGP in
Thunderbird by selecting Manage Smartcard from the OpenPGP menu)

Is running GPG 1.4.10 up to date enough to be able to generate key pairs
on the newer OpenPGP 2.0 cards?

If not what do I need to do to be able to use the OpenPGP 2.0 card?

Not sure why but I can't access http://www.gpg4win.org...

Thanks for any help!

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

dshaw at jabberwocky

Sep 6, 2009, 3:45 PM

Post #4 of 7 (1174 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

On Sep 6, 2009, at 4:55 PM, Sean Wilson wrote:

> The SCM Microsystems Inc. SCR3340 ExpressCard Reader seems to work
> as it
> can read the OpenPGP 2.0 card (I do have problems writing changes to
> it
> though, see below).
>
> I have just upgraded to GPG 1.4.10 but when I try to create a key pair
> on the OpenPGP 2.0 card it says:
>
> An undefined error occurred (this is when I do it using OpenPGP in
> Thunderbird by selecting Manage Smartcard from the OpenPGP menu)
>
> Is running GPG 1.4.10 up to date enough to be able to generate key
> pairs
> on the newer OpenPGP 2.0 cards?

Yes, it should.

Are you using pcsc or the built-in card driver? What platform are you
using?

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

mcse83 at hotmail

Sep 7, 2009, 1:02 AM

Post #5 of 7 (1164 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

I am running Windows Vista.

I think I am running the built in driver for the card reader.

What additional software do I need to install to get the OpenPGO 2.0
card to work??

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

mcse83 at hotmail

Sep 7, 2009, 9:41 AM

Post #6 of 7 (1161 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

I think I should provide a bit more information about my setup, I am
REALLY confused now (lol):

Vista Home Premium with SP2
Thunderbird 2.0.0.23
Enigmail 0.96.0
SCR3340 ExpressCard Reader
OpenPGP 2.0 smart card
GPG 1.4.10

Currently I subscribe to Hushmail for my email. I use
Thunderbird/Enigmail/GPG to be able to send/receive encrypted/signed PGP
email using their service. I have been doing this for about 2 years now
and I keep the private key on my laptops (encrypted) drive.

After much reading about the OpenPGP 2.0 card I knew I had to have one
;-)) So I bought one the week it was released.

I have been playing around with the card today as I have the day off
work but it seems to have me lost as to how it works.

I generated a test key pair on the OpenPGP card. My understanding of the
reason for doing this was that it was the most secure way as the private
key never touches your hard drive and its ONLY present on the OpenPGP
card (which you can only access with the correct PIN).

Heres were I am confused. When I go into "Key Management" in Thunderbird
(under the OpenPGP menu) I can see my new key pair listed there even if
I remove the OpenPGP card from the reader?! Also, if the cards removed
from the reader, I can right click the new key pair in "Key Management"
and select "Export keys to file" and it even saves the secret key to the
file on my hard drive!!! I thought the whole point of having the key
generated ON the OpenPGP card was so that it was secure (by never being
on the hard drive)? Whats the point if I can save a copy of it from "Key
Management" WHILE the OpenPGP card is not in the reader?

The other things is, how do I know when I look at my private keys in
"Key Management" which ones are on the OpenPGP card and which ones are
stored locally on my hard drive? When I sign/encrypt a test email I
don't know for sure if its using the private key off the hard drive or
OpenPGP 2.0 card.

If anyone can shed some light on this I would greatly appreciate it! I
really want to store my Hushmail 2048bit private key on the OpenPGP 2.0
card and access it via the PIN only rather than use the current way I
have it configured (ie: private key stored locally on hard drive with no
smart card). I thought it would be as easy as copying the Hushmail
private key onto the OpenPGP 2.0 card and telling Thunderbird to use the
private key from the smart card rather than the hard drive key...

On another note, is it possible to completely erase all key on the
OpenPGP 2.0 card once I have finished testing them?

Thank you.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

mcse83 at hotmail

Sep 7, 2009, 1:27 PM

Post #7 of 7 (1151 views)
Permalink

Re: Cant get Fellowship card to work [In reply to]

Another update ;-)

I copied my Hushmail keys onto the OpenPGP 2.0 card by using the
keytocard command.

When I run gpg --card-status I can see that my keys are there.

But when I try to decrypt a Hushmail email in Thunderbird I get this error:

=======================================================================
OpenPGP Security Info

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one
gpg: encrypted with 2048-bit RSA key, ID xxxxxx, created 2006-07-11
""xxxxxxx [at] hush" <xxxxxxxxx [at] hush>"
gpg: encrypted with 2048-bit RSA-E key, ID xxxxxx, created 2009-05-27
""xxxxxx [at] hushmail" <xxxxxx [at] hushmail>"
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available

=======================================================================

Can someone explain to me why this is happening?

I am really battling to get my keys to work with this OpenPGP card ;-(

PS: If I try to decrypt the email by NOT using the OpenPGP 2.0 card then
it decrypts the email first time!

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads