Re: gnupg + TPM 2.0 support request

2023-12-10 Thread NIIBE Yutaka
Hello,

sergio borghese wrote:
> 2023-12-10 16:46:24 gpg-agent[358316] DBG: chan_11 <- ERR 268435731 Unknown IPC command

This does no harm.  TPM2d doesn't support the GETINFO command.

> 2023-12-10 16:46:30 gpg-agent[358316] updating regular key file '/home/netresults.wintranet/borghese/gpg2.tmp/private-keys-v1.d/FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B.key' by a shadow key inhibited

I fixed this problem in the repo of GnuPG 2.4/master, I suppose.  It's
commit 9909f622f for 2.4.

The check was introduced by commit a1015bf2f (in GnuPG 2.4.2), which
caused the problem for the KEYTOTPM handling of gpg-agent.  It was then
fixed in the repo (will be in GnuPG 2.4.4).
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
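
One way to check a gpg-agent debug log for the two messages discussed in this reply, as an added example that is not part of the thread or of GnuPG: it treats the `Unknown IPC command` answer to `GETINFO` as benign and reports a `KEYTOTPM` whose key file update was inhibited. The function names and the sample log (constructed from the lines quoted in the thread, with a made-up home path) are assumptions.

```python
import re

# Constructed sample: lines modelled on the gpg-agent debug log quoted in this
# thread, including the mail client's hard wrapping; the home path is made up.
SAMPLE_LOG = """\
2023-12-10 16:42:44 gpg-agent[357268] DBG: chan_10 <- KEYTOTPM
FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> GETINFO socket_name
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- ERR 268435731 Unknown
IPC command
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> IMPORT
2023-12-10 16:42:55 gpg-agent[357268] updating regular key file
'/home/user/.gnupg/private-keys-v1.d/FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B.key'
by a shadow key inhibited
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_10 -> OK
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d gpg-agent\[\d+\] ")
KEYTOTPM = re.compile(r"chan_\d+ <- KEYTOTPM ([0-9A-F]{40})")
SENT = re.compile(r"(chan_\d+) -> (\S+)")
ERR = re.compile(r"(chan_\d+) <- ERR \d+ Unknown IPC command")
INHIBITED = re.compile(r"updating regular key file '[^']*?([0-9A-F]{40})\.key' by a shadow key inhibited")

def unwrap(text):
    """Rejoin records that a mail client wrapped: a record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (severity, keygrip_or_command, message) findings for KEYTOTPM runs."""
    findings, pending, last_sent = [], set(), {}
    for rec in unwrap(text):
        if m := KEYTOTPM.search(rec):
            pending.add(m.group(1))
        elif m := ERR.search(rec):
            cmd = last_sent.get(m.group(1))
            # Per the reply above, tpm2daemon has no GETINFO, so that error is expected.
            sev = "benign" if cmd == "GETINFO" else "review"
            findings.append((sev, cmd, "daemon rejected command"))
        elif m := SENT.search(rec):
            last_sent[m.group(1)] = m.group(2)
        elif (m := INHIBITED.search(rec)) and m.group(1) in pending:
            findings.append(("failed", m.group(1), "key file not replaced by TPM shadow key"))
    return findings
```

A `failed` finding means the on-disk private key was left as a regular key even though the agent answered `OK` to `KEYTOTPM`, which matches the behaviour reported in the thread.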


Re: gnupg + TPM 2.0 support request

2023-12-10 Thread sergio borghese via Gnupg-users
Hello everyone,

Still trying to debug the interaction between my custom-built gpg 2.4 and
the TPM.
I managed to enable the gpg-agent log file and set the debug level to 5
(advanced) according to:

https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#option-_002d_002dhomedir

Actually what I see when I run the `keytotpm` is:

```
2023-12-10 16:42:44 gpg-agent[357268] DBG: chan_10 <- KEYTOTPM FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B
2023-12-10 16:42:44 gpg-agent[357268] starting a new PIN Entry
2023-12-10 16:42:44 gpg-agent[357268] DBG: connection to PIN entry established
2023-12-10 16:42:44 gpg-agent[357268] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 357865 curses 1.2.1 /dev/pts/3 xterm-256color :0 20620/590201106/5 590201106/590200513 0
2023-12-10 16:42:44 gpg-agent[357268] DBG: chan_10 <- END
2023-12-10 16:42:49 gpg-agent[357268] no running /opt/gpg24/libexec/tpm2daemon daemon - starting it
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- OK GNU Privacy Guard's TPM2 server ready
2023-12-10 16:42:49 gpg-agent[357268] first connection to daemon /opt/gpg24/libexec/tpm2daemon established
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> GETINFO socket_name
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- ERR 268435731 Unknown IPC command
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> OPTION event-signal=12
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- OK
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> IMPORT
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- INQUIRE KEYDATA
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> [ 44 20 28 31 31 3a 70 72 69 76 61 74 65 2d 6b 65 ...(982 byte(s) skipped) ]
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> [ 44 20 c8 dc 76 ef 16 58 03 a0 29 29 29 00 ]
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 -> END
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_11 <- INQUIRE NEEDPIN Please enter the TPM Authorization passphrase for the key.
2023-12-10 16:42:49 gpg-agent[357268] starting a new PIN Entry
2023-12-10 16:42:49 gpg-agent[357268] DBG: connection to PIN entry established
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 357872 curses 1.2.1 /dev/pts/3 xterm-256color :0 20620/590201106/5 590201106/590200513 0
2023-12-10 16:42:49 gpg-agent[357268] DBG: chan_10 <- END
2023-12-10 16:42:51 gpg-agent[357268] starting a new PIN Entry
2023-12-10 16:42:51 gpg-agent[357268] DBG: connection to PIN entry established
2023-12-10 16:42:51 gpg-agent[357268] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 357874 curses 1.2.1 /dev/pts/3 xterm-256color :0 20620/590201106/5 590201106/590200513 0
2023-12-10 16:42:51 gpg-agent[357268] DBG: chan_10 <- END
2023-12-10 16:42:52 gpg-agent[357268] starting a new PIN Entry
2023-12-10 16:42:52 gpg-agent[357268] DBG: connection to PIN entry established
2023-12-10 16:42:52 gpg-agent[357268] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 357876 curses 1.2.1 /dev/pts/3 xterm-256color :0 20620/590201106/5 590201106/590200513 0
2023-12-10 16:42:52 gpg-agent[357268] DBG: chan_10 <- END
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_11 -> D pippero
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_11 -> END
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_11 <- [ 44 20 28 31 30 3a 31 30 37 33 37 34 31 38 32 35 ...(524 byte(s) skipped) ]
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_11 <- OK
2023-12-10 16:42:55 gpg-agent[357268] updating regular key file '/home/netresults.wintranet/borghese/gpg2.tmp/private-keys-v1.d/FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B.key' by a shadow key inhibited
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_10 -> OK
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_10 <- KEYINFO FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_12 -> KEYINFO --list
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_12 <- OK
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_10 -> S KEYINFO FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B D - - - P - - -
2023-12-10 16:42:55 gpg-agent[357268] DBG: chan_10 -> OK
```

What seems interesting to me are the following log entries:

```
2023-12-10 16:46:24 gpg-agent[358316] DBG: chan_11 <- ERR 268435731 Unknown IPC command
```
and
```
2023-12-10 16:46:30 gpg-agent[358316] updating regular key file '/home/netresults.wintranet/borghese/gpg2.tmp/private-keys-v1.d/FDEE0860BCFCE24C29738F1ADBF42D4C7D95516B.key' by a shadow key inhibited
```

Does anyone know what the above error means exactly and how to solve it?

Ciao e grazie
Sergio


On Sun, Dec 10, 2023 at 1:04 AM sergio borghese wrote:

> Hi Stephan,
>
> You are right actually, but I built gnupg 2.4 from the source code. I'm
> using the correct binary and also assured the gpg-agent used is the one
> built from version 2.4
>
> The strange thing is that I get no error when editing the key and use the
> command keytotpm, but the key is not sealed
>
> Ciao e grazie
> Sergio
>
>
> On Sat 9 Dec 2023, 15:16 Stephan Verbücheln via Gnupg-users, <
> 

Re: Contributing: how to modify the man page

2023-12-10 Thread Werner Koch via Gnupg-users
Hi!

> info and the gpg man page. I would like to know which files do I need to
> edit in order to edit the gpg man page and the gpg info page.

Both are built from the same texinfo source.  That is gnupg/doc/gpg.texi
or one of the other *texi files - some are include files.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

