
Mailing List Archive: GnuPG: users

Signing eMails doesn't work anymore

 

 



ricul77 at gmail

Aug 27, 2012, 1:57 PM

Post #1 of 5 (227 views)

Hi,

this is my first post to this list.

I have a crypto stick from www.privacyfoundation.de, and when I first
set it up, signing emails worked flawlessly.
But then I wanted to also be able to use my crypto-stick for ssh
authentication.
As adding the authentication sub key turned out to be difficult, I
generated an entirely new private key with encryption-, signature- and
authentication subkeys generated before putting them onto the crypto
stick.
SSH authentication works nicely now, but with the new key, signing
emails always fails. Encryption and decryption still work. I'm using
evolution, but I also tried with thunderbird. The error message I get is
the same I get when trying to sign something with gpg directly. Could it
be that gpg is confused which key to use?



#gpg --sign setup_my_system.sh
gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18
gpg: Beglaubigung fehlgeschlagen: Allgemeiner Fehler
gpg: signing failed: Allgemeiner Fehler



#gpg2 --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: männlich
URL of public key : [nicht gesetzt]
Login data .......: [nicht gesetzt]
Signature PIN ....: nicht zwingend
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 6555 FA9F AEEF 386C 50E2 7AE1 02EC 6014 E840 1492
created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF DCCE 31AA D811 8760 DB3E
created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9 C010 BABF AE12 5A09 7EF6
created ....: 2012-08-07 19:04:12
General key info..: pub 2048R/E8401492 2012-08-07 Richard Ulrich
(ulrichard) <xxxxx [at] gmail>
sec# 2048R/0AE275A9 erzeugt: 2012-08-07 verfällt: 2022-08-05
ssb> 2048R/8760DB3E erzeugt: 2012-08-07 verfällt: niemals
Kartennummer: 0005 0000115F
ssb> 2048R/E8401492 erzeugt: 2012-08-07 verfällt: niemals
Kartennummer: 0005 0000115F
ssb> 2048R/5A097EF6 erzeugt: 2012-08-07 verfällt: niemals
Kartennummer: 0005 0000115F


#gpg2 --list-keys
/home/richi/.gnupg/pubring.gpg
------------------------------
pub 2048R/0AE275A9 2012-08-07 [verfällt: 2022-08-05]
uid Richard Ulrich (ulrichard) <xxxxx [at] gmail>
sub 2048R/8760DB3E 2012-08-07
sub 2048R/E8401492 2012-08-07
sub 2048R/5A097EF6 2012-08-07
sub 2048R/EC980139 2012-08-07 [verfällt: 2022-08-05]


Rgds
Richard


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Aug 28, 2012, 1:47 AM

Post #2 of 5 (213 views)
Re: Signing eMails doesn't work anymore [In reply to]

On Mon, 27 Aug 2012 22:57, ricul77 [at] gmail said:

> #gpg --sign setup_my_system.sh
> gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18

The error is:

$ gpg-error 6.18
100663314 = (6, 18) = [...] = (SCD, Wrong secret key used)


The scdaemon would have printed this to its log file:

fingerprint on card does not match requested one

please run the sign command again using the option "-v" to see what key
is being used.

Also try:

gpg --sign -u 'E8401492!' -v setup_my_system.sh

to force using the first key on your card.


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.




ricul77 at gmail

Aug 28, 2012, 12:48 PM

Post #3 of 5 (211 views)
Re: Signing eMails doesn't work anymore [In reply to]

Hi Werner,

the ! exclamation mark did the trick!
I tried specifying the subkey I wanted before, but only the exclamation
mark makes it work.
With the exclamation mark, also signing in evolution works again.
Is this documented somewhere?

Thanks a lot.
Richard

On Tue, 2012-08-28 at 10:47 +0200, Werner Koch wrote:
> On Mon, 27 Aug 2012 22:57, ricul77 [at] gmail said:
>
> > #gpg --sign setup_my_system.sh
> > gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18
>
> The error is:
>
> $ gpg-error 6.18
> 100663314 = (6, 18) = [...] = (SCD, Wrong secret key used)
>
>
> The scdaemon would have printed this to its log file:
>
> fingerprint on card does not match requested one
>
> please run the sign command again using the option "-v" to see what key
> is being used.
>
> Also try:
>
> gpg --sign -u 'E8401492!' -v setup_my_system.sh
>
> to force using the first key on your card.
>
>
> Salam-Shalom,
>
> Werner
>





wk at gnupg

Aug 29, 2012, 12:12 AM

Post #4 of 5 (212 views)
Re: Signing eMails doesn't work anymore [In reply to]

On Tue, 28 Aug 2012 21:48, ricul77 [at] gmail said:
>
> the ! exclamation mark did the trick!
> I tried specifying the subkey I wanted before, but only the exclamation
> mark makes it work.
> With the exclamation mark, also signing in evolution works again.
> Is this documented somewhere?


HOW TO SPECIFY A USER ID

[...]
By key Id.

This format is deduced from the length of the string and
its content or 0x prefix. The key Id of an X.509
certificate are the low 64 bits of its SHA-1 fingerprint.
The use of key Ids is just a shortcut, for all automated
processing the fingerprint should be used.

When using gpg an exclamation mark (!) may be appended to
force using the specified primary or secondary key and not
to try and calculate which primary or secondary key to
use.

GPG uses by default the last created subkey.


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
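
The key selection described in this reply, as an added example that is not part of the original thread: a shell sketch that reads the card's signature-key fingerprint from `--card-status` text, checks that it is a subkey in the keyring, and emits the `KEYID!` form to pass to `-u`. The sample text is copied from post #1; the function names are hypothetical, and treating listing order as creation order is an assumption.

```shell
#!/bin/sh
# Sample input: lines copied from the --card-status and --list-keys
# output in post #1 of this thread.
CARD_STATUS='Signature key ....: 6555 FA9F AEEF 386C 50E2 7AE1 02EC 6014 E840 1492
Encryption key....: 3A6C CF0A C29F 3DFC 60AF DCCE 31AA D811 8760 DB3E
Authentication key: 2C12 F55B 69D3 088E BFD9 C010 BABF AE12 5A09 7EF6'
KEY_LIST='pub 2048R/0AE275A9 2012-08-07
sub 2048R/8760DB3E 2012-08-07
sub 2048R/E8401492 2012-08-07
sub 2048R/5A097EF6 2012-08-07
sub 2048R/EC980139 2012-08-07'

# Short key ID (last 8 hex digits of the fingerprint) of the signature
# key on the card, given --card-status text on stdin.
card_sig_keyid() {
    sed -n 's/^Signature key[ .]*: *//p' | tr -d ' ' |
        sed 's/^.*\(........\)$/\1/'
}

# Short ID of the last subkey in --list-keys text on stdin. Post #4 says
# gpg defaults to the last created subkey; listing order stands in for
# creation order here (assumption), and capability flags are not visible.
last_listed_subkey() {
    sed -n 's/^sub [^/]*\/\([0-9A-F]\{8\}\).*/\1/p' | tail -n 1
}

# Print "KEYID!" for the card's signature key, but only if that key is
# a subkey in the keyring. $1 = --card-status text, $2 = --list-keys text.
pinned_signer() {
    id=$(printf '%s\n' "$1" | card_sig_keyid)
    case $id in
        ''|*[!0-9A-F]*) echo "no signature key on card" >&2; return 1 ;;
    esac
    [ ${#id} -eq 8 ] || return 1
    if printf '%s\n' "$2" | grep -q "^sub .*/$id "; then
        printf '%s!\n' "$id"
    else
        echo "card key $id is not in the keyring" >&2
        return 1
    fi
}

default_id=$(printf '%s\n' "$KEY_LIST" | last_listed_subkey)
if signer=$(pinned_signer "$CARD_STATUS" "$KEY_LIST"); then
    [ "$default_id!" = "$signer" ] ||
        echo "last listed subkey $default_id is not the card key; pin it:"
    echo "gpg --sign -u '$signer' -v FILE"
fi
```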




ricul77 at gmail

Sep 13, 2012, 3:02 PM

Post #5 of 5 (181 views)
Re: Signing eMails doesn't work anymore [In reply to]

Now I had a similar problem with debian packages.

That's what I got from dpkg-buildpackage :

dpkg-buildpackage: warning: Failed to sign .dsc and .changes file
Checking signature on .changes
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
No signature on ./flightpred_0.0.35~precise_source.changes.

I tried both of the following in .bashrc :
export GPGKEY=E8401492
export GPGKEY=E8401492!

If I try the following manually, then it works:
gpg --clearsign -u 'E8401492!' flightpred_0.0.35~precise.dsc

The next thing I tried was :
dpkg-buildpackage -kE8401492!
dpkg-buildpackage -k${GPGKEY}

They both work, but that makes me wonder what I set the GPGKEY env var for?

Rgds
Richard


On Tue, 2012-08-28 at 10:47 +0200, Werner Koch wrote:
> gpg --sign -u 'E8401492!' -v setup_my_system.sh
>
> to force using the first key on your card.
>
>
> Salam-Shalom,
>
> Werner
>


