Re: It takes 8-9 secs until pinentry asks for the PIN of the OpenPGP card

2024-05-16 Thread NIIBE Yutaka
Hello, Matthias Apitz wrote: > This isn't that easy. The pcscd is running (when needed) as: > > purism@pureos:~$ ps ax | grep pcscd >2151 ?Ssl0:00 /usr/sbin/pcscd --foreground --auto-exit > > it is launched by a system service: I see. IIUC, PureOS is Debian based. There should

Re: It takes 8-9 secs until pinentry asks for the PIN of the OpenPGP card

2024-05-16 Thread NIIBE Yutaka
Hello, Matthias Apitz wrote: > It seems that the first time is longer. I will increase the debug-level > for scdaemon. Thank you for the information. I think that it's better to debug how PC/SC goes. To get full debug log in lower level, you can invoke pcscd manually with root: #

Re: It takes 8-9 secs until pinentry asks for the PIN of the OpenPGP card

2024-05-16 Thread NIIBE Yutaka
Hello, I wonder if it takes always 8-9 secs, or it's only for the first time. Matthias Apitz wrote: > /tmp/scdaemon-debug.log: [...] > 2024-05-15 11:07:58 scdaemon[16983] DBG: chan_7 <- SERIALNO > > It takes 8 secs until scdaemon detects the reader, what does this mean? > > 2024-05-15 11:08:06

Re: gnupg + TPM 2.0 support request

2023-12-10 Thread NIIBE Yutaka
Hello, sergio borghese wrote: > 2023-12-10 16:46:24 gpg-agent[358316] DBG: chan_11 <- ERR 268435731 Unknown > IPC command This is no harm. TPM2d doesn't support GETINFO command. > 2023-12-10 16:46:30 gpg-agent[358316] updating regular key file >

Re: No pinentry but pinentry installed

2023-11-29 Thread NIIBE Yutaka
Hello, Your configuration of pinentry-program is: Caleb Herbert wrote: > /gnu/store/rfy36kapnhx9djhxdi3a54x5p2n097xv-pinentry-gtk2-1.2.1/bin/pinentry-gtk-2 But what you tested in your command line is: >

Re: Learning about authentication

2023-11-24 Thread NIIBE Yutaka
Hello, Daniel Cerqueira wrote: > I want to know a bit, on how authentication and authorization works in > GnuPG. Do you mean authentication subkey in GnuPG? It's basically user-defined; It's up to user how it is used. Usually, it means use with OpenSSH. For example, I have an authentication

Re: epg-encrypt-string in Emacs seems to be incompatible with GnuPG 2.4.1 on macOS, 2.4.0 works

2023-11-16 Thread NIIBE Yutaka
Hello, I'm sorry that I didn't have time yesterday. "Herbert J. Skuhra" wrote: > This issue (bug id: T6481) is obviously fixed on master (commit > 2f872fa68c6576724b9dabee9fb0844266f55d0d): > >

Re: libgcrypt 1.10.2 compile on AIX POWER

2023-11-08 Thread NIIBE Yutaka
Hello, Frank Lindner wrote: > For 1.10.2 I now run into the following: >> start ---< > /opt/freeware/bin/bash ../libtool --tag=CC --mode=link cc > -I/opt/freeware/include -qmaxmem=16384 -qlanglvl=extc99 -DSYSV > -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52

Re: gnugp 2.4.3 fails to build with --disable-ldap

2023-09-25 Thread NIIBE Yutaka
Matthias Apitz wrote: > How to fix this? Here is a commit of mine for GnuPG 2.4: https://dev.gnupg.org/rG9ae3cfcabec9252c22d67b7a15c36f0a8cf22f0f -- ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: after OS update I can't use my OpenPGP card anymore

2023-09-25 Thread NIIBE Yutaka
Matthias Apitz wrote: > $ gdb /usr/local/libexec/scdaemon > ... > r --debug-all --verbose --verbose --server > ... > OK GNU Privacy Guard's Smartcard server ready > SERIALNO > [New LWP 101967 of process 2622] > > Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault. > Address

Re: after OS update I can't use my OpenPGP card anymore

2023-09-24 Thread NIIBE Yutaka
Hello, Matthias Apitz wrote: > After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't use > my OpenPGP card with the USB token anymore. In /var/log/messages > it says: [...] > Any hints how to debug this You can run scdaemon as a foreground process to debug. An example session is

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-07 Thread NIIBE Yutaka
Hello, Please note that I don't have any experience using scdaemon in a guest OS of GNU/Linux. So, my answer may be wrong/irrelevant. "Felix E. Klee" wrote: > [felix@felix-arch ~]$ sudo gpg --card-status > Reader ...: SCM Microsystems Inc. SPR 532 [CCID Interface] >

Air32F103 might run at 108MHz

2022-11-29 Thread NIIBE Yutaka
Hello, I learned about Air32F103, another clone of STM32F103. Unfortunately, there is no reference manual available yet. Air32F103: https://wiki.luatos.com/chips/air32f103/index.html Datasheet (in Chinese) *is* available here: https://wiki.luatos.com/chips/air32f103/hardware.html I looked

Re: Read random bytes from Gnuk potentially frequently without destroying the card

2022-11-29 Thread NIIBE Yutaka
Damien Goutte-Gattat wrote: > In the specific case of the Gnuk token, the GET CHALLENGE command is > implemented using the same logic as the one used in NeuG [2]. I have not > looked in details how NeuG works, but given that it is specifically intended > as a random number generator, I’d say it’s

Re: Size for ECC keys have changed from 256 to 255

2021-09-17 Thread NIIBE Yutaka
Baptiste Beauplat wrote: > I noticed that the key size reported by gpg --with-colons for ECC keys > (ed25519) have changed from 256 to 255. Thank you for sharing. I didn't know that it is exposed to users. (I considered it were (only) internal thing in libgcrypt.) > I was wondering if that's a

Re: gpg: keydb_get_keyblock failed: Invalid object

2021-08-26 Thread NIIBE Yutaka
Hello, Thank you for your report. William Holmes wrote: > gpg failed after I created a second sign-only Curve 448 key. Please use --quick-add-key instead, while I'm fixing the bug. My changes of following commits were not enough. 2b50f942672d9a2c325a818f21f69d3ee69255d3

Re: MS Surface Go Sim Card appears to cause scdaemon crash

2021-08-20 Thread NIIBE Yutaka
Hello, Derek C Hoffmann via Gnupg-users wrote: > It looks like scdaemon is crashing when attempting to access a sim card > slot/sim card itself on my Surface Go. It is my fault. I added multiple card readers support (for PC/SC) to GnuPG 2.3, and it causes an issue in your use case. By

Re: HID Omnikey 3121 Smart Card Reader and GPG

2021-07-08 Thread NIIBE Yutaka
Hello, Brandon Anderson wrote: > So I have purchased an Omnikey 3121 smart card reader for use with my > GPG smart card version 2.1. Reading the descriptors: https://ccid.apdu.fr/ccid/readers/CardMan3121.txt It says: 02 Short APDU level exchange This means that the reader cannot

Re: sha256 of libgcrypt is 10 times slower then busybox sha25sum util on qualcomm IPQ4018 board

2021-06-08 Thread NIIBE Yutaka
Hello, 袁建鹏 wrote: > Calculate the sha256 of a 6MB file need 3 seconds: > # TIME=%e time ./fwtool check ipq4018.bin > 3.23 [...] > the libgcrypt build configure in IPQ4018 (ARM Cortex A7 soc): > conf := --disable-doc --enable-neon-support \ >

Re: keydb_search failed: Invalid argument

2021-06-02 Thread NIIBE Yutaka
Hello, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > I'm getting this error/warning even when I just decrypt an encrypted > file using plain gpg. If you keep using ~/.gnupg/pubring.gpg, I think this is the cause of your problem. In this case, see this comment in the bug tracker of GnuPG:

Re: gpg: keydb_search failed: Broken pipe

2021-04-27 Thread Niibe Yutaka
On Sun, 25 Apr 2021 16:41, William Holmes said: > I encrypted the file with '--hidden-recipient'. > After decryption failed, gpg-agent was killed. This is because there is a bug for decryption of anon recipient. The size of input for decryption should be checked. So far, we only have

Re: Compile of gnupg-2.2.27 fails on t-keydb.c

2021-04-16 Thread NIIBE Yutaka
Frank wrote: > Hi Werner, > > I assume you are busy with the 2.30 release (congratulations!) but you > have any more hints how to get more informations on my compile problem? Since Werner is busy, let me reply, to where I can understand. IIUC, GnuPG 2.3.0 needs some fix for your environment

Re: Compile of gnupg-2.2.27 fails on t-keydb.c

2021-04-16 Thread NIIBE Yutaka
Frank wrote: > Hi Werner, > > I assume you are busy with the 2.30 release (congratulations!) but you > have any more hints how to get more informations on my compile problem? Since Werner is busy, let me reply, to where I can understand. IIUC, GnuPG needs some fix for your environment (xlc on

Re: Reiner-SCT CyberJack secoder 2 (v2.2.0 USB 0c4b:0400)

2021-01-11 Thread NIIBE Yutaka
Daniel Pocock writes: > Reiner SCT cyberJack secoder 2 > v2.2.0 > USB: 0c4b:0400 It's good to check the list of CCID readers by libccid: https://salsa.debian.org/rousseau/CCID/-/tree/master/readers Since I cannot find the device in this list, I'm afraid it would not work well. For some

Re: [developer preview] smartcard + opengp as a linux gadget

2021-01-04 Thread NIIBE Yutaka
Vincent Pelletier wrote: > I would like to announce my implementation of a software CCID card > reader targeting the Linux gadget subsystem, along with a smartcard OS > and openpgp card application to use with this reader. Great. (And thanks for the patches for tests of Gnuk. I'll apply those,

Re: SSH CA + gpg-agent + gnuk => error

2020-09-29 Thread NIIBE Yutaka
Francois Gervais via Gnupg-users wrote: > Would the SIGCONT be the source of my problem? No, not at all. It's completely normal. You need to locate the place where it fails. * * * FYI, we have a ticket for signing SSH CA by Gnuk Token.

Re: Clearing cached PIN for Yubikey

2020-08-06 Thread NIIBE Yutaka
ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > I was attempting to figure out what the 'canonical' way of clearing a > Yubikey's cached PIN is. Clearing the authentication status is supported in scdaemon (in the lower level), but there is no good way by command line. If you don't care about using a kind of developer's

Re: agent_genkey failed: Invalid flag

2020-06-12 Thread NIIBE Yutaka
Hello, Patrick Brunschwig wrote: > gpg reports the following error: > > gpg: agent_genkey failed: Invalid flag > gpg: key generation failed: Invalid flag > [GNUPG:] ERROR key_generate 16777288 > [GNUPG:] KEY_NOT_CREATED > > Any idea what could be wrong here? The error is from libgcrypt. I think

Re: command "SCD SERIALNO openpgp" not answered correctly

2020-02-24 Thread NIIBE Yutaka
Matthias Apitz wrote: > On the old system where GnuPG is 2.2.12, the 'gpg2 --card-status' says: > > $ gpg2 --card-status > Reader ...: 04E6:5816:55511725600891:0 > Application ID ...: D2760001240102010005532B > Version ..: 2.1 > Manufacturer .: ZeitControl > Serial

Re: pinentry-gtk-2 dialog doesn't appear before getting input

2019-12-15 Thread NIIBE Yutaka
Andreas Ronnquist wrote: > I have a problem on Debian unstable (running in Virtualbox), running the > Xfce desktop - > > I have my gpg key on a card (a Librem key, which basically is a > Nitrokey) when using pinentry to enter the card password, I first have > to press my mouse on the screen (or

Re: v2.1 openpgp smartcard -- packing in after a `key to card'

2019-12-10 Thread NIIBE Yutaka
Dirk-Willem van Gulik wrote: > During a pretty standard create key; key to card cycle (scripted) - I got an > error > > gpg: OpenPGP card not available: Card removed > > just after the ‘save’ in the —edit-key. A subsequent status check gives me: > > gpg2 --card-status > gpg:

Re: gpg-agent only checks for smartcard not for local keys

2019-11-04 Thread Niibe Yutaka
Hello, Horst Skatmus wrote: > The only problem I have is that the gpg-agent always checks for the > smartcard even when keys are not stored on a smartcard. When gpg-agent works as ssh-agent, it always checks (possible) authentication key on smartcard, so that the authentication key (when

Re: SSH CA + gpg-agent + gnuk => error

2019-10-18 Thread NIIBE Yutaka
Brennecke, Simon wrote: > I have a question regarding the interaction of SSH with gpg-agent > (and possibly also gnuk). [...] > So I generated a new ECC key in gnuk, imported the public keys in gpg. > Added the keygrip everything to "~/.gnupg/sshcontrol" Just FYI, for smartcard, adding a keygrip

Re: Cannot decrypt from smartcard using gnupg-2.2, can from 2.0

2019-10-14 Thread Niibe Yutaka
alejandro Cortez wrote: > gpg: public key decryption failed: Invalid ID This means that something goes wrong in your private key file for your token, I suppose. > Can anyone help debug this? You can see more information, by following command line: $ gpg-connect-agent "KEYINFO --list" /bye

Re: PGP Authentication with gpg4win+ssh

2018-10-29 Thread NIIBE Yutaka
Chris Horry wrote: > I also created an Authentication subkey for my other PGP Key, the only > difference being it's not on my Yubikey but in my regular keyring with > Kleopatra. This same key works just fine on my Linux boxes when I use it > for authentication between them but not in Windows.

Re: GPG 2.1.0 Compatibility Metrix(Solaris/Linux/HP Unix) and Installation

2018-10-02 Thread NIIBE Yutaka
Madhav Narisetty wrote: > Can someone let me know the GPG 2.1.0 compatibility Matrix for > Unix(Solaris/Linux/HP Unix). > Also, I would require installation binaries and steps on Solaris / Linux > and HP UX systems. For GNU/Linux, distributions offer binaries for GnuPG. These days, GnuPG

Re: "gpg: signing failed: Invalid length" when use brainpool512r1 keys to sign things

2018-09-03 Thread NIIBE Yutaka
mlnl wrote: >> gpg: signing failed: Invalid length >> gpg: make_keysig_packet failed: Invalid length >> Key generation failed: Invalid length > > tested & confirmed with GnuPG 2.2.10, libgcrypt 1.8.3 Debian Stretch 9.5 Not reproducible here (similar on Debian Stretch). I tested with no

Re: dirmngr cygwin resolv.conf

2018-07-04 Thread NIIBE Yutaka
Hello, john doe wrote: > I'm willing to confirm that but I'm not sure how I would do that!? I am considering a patch like following. If you can build GnuPG for Cygwin, you can try. Or, you can ask Cygwin's package maintainer for GnuPG. The patch is: Don't try to look the error code, but

Re: dirmngr cygwin resolv.conf

2018-07-03 Thread NIIBE Yutaka
Werner Koch wrote: > ... on Windows. Actually I developed the fallback on Windows because > there it is easier to install the Tor browser. Anyway, Gniibe probably > found and fixed the problem in our DNS resolver. I suggest to wait for > the next release - probably next week. That's not for

Re: dirmngr cygwin resolv.conf

2018-06-29 Thread NIIBE Yutaka
Hello, Sorry, my explanation was not accurate. In the Tor-mode of dirmngr, it uses the port 9050 at first. And there is some code to fallback to the port 9150. It's like: libdns_switch_port_p (gpg_error_t err) { if (tor_mode && gpg_err_code (err) == GPG_ERR_ECONNREFUSED

Re: Choice of ECC curve on usb token

2018-06-29 Thread NIIBE Yutaka
Hello, Why not Curve25519, if you use ECC? Damien Cassou wrote: > curves and (2) Bernstein’s Curve 25519 is hard to protect against side > channel attacks when being implemented in embedded devices. Quite interesting opinion. I wonder what kinds of side channel attacks are discussed there.

Re: dirmngr cygwin resolv.conf

2018-06-29 Thread NIIBE Yutaka
john doe wrote: > Now, the next step is to configure dirmngr to do the same!: > > dirmngr.conf: > > use-tor > http-proxy socks5://localhost:9150 Only "use-tor" is needed, then, dirmngr connects to localhost:9150 for Tor.

Re: Won't recognize my secret key

2018-06-21 Thread NIIBE Yutaka
Hello, Thank you for your report. I think I located the issue of migration. Phillip Susi wrote: > I just noticed that I do have a bunch of key files in > ~/.gnupg/private-keys-v1.d, even though gpg -K does not show them. > > Ahah, gpg -K -v shows them... it seems to think they are all expired.

STM32F103 flash ROM read-out service

2018-06-04 Thread NIIBE Yutaka
Hello, While learning Chinese language, I found this service (in Chinese): http://www.pcbcopy.com/2016/ic_1128/1928.html IIUC, It's a company in ShenZhen, which offers a service reading out from protected STM32F103, even if it uses anti-tamper feature with a battery. I was aware of similar

Re: Problem signing git commits with smartcard key

2018-05-31 Thread NIIBE Yutaka
Hello, If I understand correctly, you put: your primary key to the OPENPGP.1 on card. your subkey of SEA capability to the OPENPGP.2 on card. your subkey of A capability to the OPENPGP.3 on card. In this configuration, the OPENPGP.2 key on card is only for decryption.

Re: Wrong Keygrip (gpg2 --card-status --with-keygrip)

2018-04-24 Thread NIIBE Yutaka
Hello, Thanks for your report. Dirk Gottschalk via Gnupg-users wrote: > gpg outputs the wrong keygrip with --card-edit --with-keygrip. The > output is: [...] > As you see, it returns the same grip for enc. and auth. key. This is > wrong and "gpg2 -K --with-keygrip"

Re: Again: Writing DER certificates to ZeitControl Cards

2018-04-01 Thread NIIBE Yutaka
Dirk Gottschalk via Gnupg-users wrote: > I asked this Question a while ago, but unfortunately didn't get any > response. So, I ask again and I'm in hope that somebody here knows any > Answer to this. I just want to know if the cards do not support it, or > is something

Re: git commit signing: Asked for smartcard as it's plugged in

2018-03-27 Thread NIIBE Yutaka
Gabriel Augendre wrote: > Whenever I need to sign a git commit, I need to plug my Yubikey in and > type the pin code. That works perfectly just after logging into my > session, but if the computer goes to sleep (that's my guess, not sure > about that) and I wake it up and try

Re: OpenPGP card bricked

2018-03-14 Thread NIIBE Yutaka
Matthias Apitz wrote: > Floss-shop.de sent me a new OpenPGP Card V3.3. It shows the same > problem, see the log below. What should I do now? Send the USB-reader > and the card back to them? I'm clueless All that I can say is: The reader has features which should work well

Re: OpenPGP card bricked

2018-03-13 Thread NIIBE Yutaka
Hello, It seems that your smartcard is not working at all. Possibly, bricked. The log says (I removed the timestamp and process name): > DBG: ccid-driver: CCID submit transfer (83): 0 > DBG: ccid-driver: PC_to_RDR_IccPowerOn: > DBG: ccid-driver: dwLength ..: 0 > DBG: ccid-driver:

Re: OpenPGP card bricked

2018-03-13 Thread NIIBE Yutaka
Matthias Apitz wrote: > After a power-off reset of my laptop the OpenPGP Card seems to be > damaged. The pcscd can't read the card anymore. It gives up with: > > ... > 6225 commands.c:244:CmdPowerOn Card absent or mute > 0052 ifdhandler.c:1213:IFDHPowerICC() PowerUp

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread NIIBE Yutaka
Hello, Werner Koch wrote: > @gniibe: Do you have any more up to date information on macOS and > smartcard readers? If possible, I recommend to use GnuPG's in-stock driver to access smartcard. It is direct access by libusb, not using PC/SC service. For GNU/Linux, if you don't

Re: BUG report gnupg-2.2.4 (or npth)

2018-01-14 Thread NIIBE Yutaka
Hello, I think that you have some different Pthread library in /usr/local. Henry wrote: > /usr/local/include/pthread.h:357:18: error: conflicting types for ^^^ I wonder if you have installed GNU Pth. Please try without Pth. --

Re: Performance regression, 2.2.3/recent?

2017-12-04 Thread NIIBE Yutaka
Hello, Phil Pennock wrote: > gpg --with-colons --with-fingerprint --with-subkey-fingerprint > --with-secret --list-keys [...] > $ grep '^open(' strace.foo | sort | uniq -c > [...] >3382 open("/home/pdp/.gnupg/pubring.kbx", O_RDONLY) = 10 > 1

Re: Encrypt to a key without importing it to keyring

2017-11-23 Thread NIIBE Yutaka
Seby wrote: > Basically use gnupg without a keyring or trustdb. And the pass the armored > pgp public key with each command and operation. AFAIK, such a usage is not supported by GnuPG. Well, I would imagine some use cases when we want to avoid any dependency to specific

Re: Using the OpenPGP Card on Unix && Win7

2017-11-21 Thread NIIBE Yutaka
Matthias Apitz wrote: > The produced log is: > > $ cat ../AppData/Local/VirtualStore/Windows/SysWOW64/scdaemon.log [...] > 2017-11-21 08:24:04 scdaemon[3868.2] DBG: enter: apdu_open_reader: > portstr=(null) > 2017-11-21 08:24:04 scdaemon[3868.2] detected reader 'Broadcom Corp

Re: Cannot control GnuPG from shell (IPC parameter error)

2017-11-05 Thread NIIBE Yutaka
Seby wrote: > I am running 2.3.0-beta82. I tried to search for this error and I > could only find clues that lead to gpg-agent, but # gpg-agent --help > doesn't allow me to disable it. What is the good approach here? Please update your installation. IIUC, you are talking

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread NIIBE Yutaka
Hello, Ralf wrote: > I generated keys on a Nitrokey and have chosen the option to make an > off-card backup of the encryption key: > > gpg: NOTE: backup of card key saved to > `/home/archi/.gnupg/sk_26D728A8F09033F1.gpg' If you want to know the detail, this means that

Re: gpg-agent UI when waiting for smart card touch?

2017-10-24 Thread NIIBE Yutaka
David Mandelberg wrote: > I'm using gpg-agent with Yubikeys configured to require a physical touch > before performing operations. Is there any way to get gpg-agent to > display something on screen when it's waiting for me to touch the > Yubikey? (Otherwise, I sometimes

Re: Unable to sign or decrypt with card

2017-09-15 Thread NIIBE Yutaka
Philip Jackson wrote: > I created the scdaemon.conf file as you suggested and then ran a decrypt > test : Thank you. > Perhaps there is something you can see which explains the problem ? As far as I can see, it looks like no problem of scdaemon, but card failure.

Re: Unable to sign or decrypt with card

2017-09-13 Thread NIIBE Yutaka
Philip Jackson wrote: > I have the log file which I attach. > > It shows a number of reports of the same error (lines 89,91,97,99,101) > ERR 83886254 Unknown option , before it asks me for the pin > (line 111). It says 'confidential data not shown' three times but I

Re: Bitcoin private key from GnuPG secp256k1 secret key?

2017-08-03 Thread NIIBE Yutaka
Stefan Claas wrote: > I could imagine that no one will do this, because if you have no > private key for "your" public address (according to your reply), > you have no control of that address, like spending/ sending > BTC from this address. Sorry about my vague

Re: Bitcoin private key from GnuPG secp256k1 secret key?

2017-08-02 Thread NIIBE Yutaka
Stefan Claas wrote: > just wondering if there is an easy way to generate a Bitcoin secret key > from a GnuPG secp256k1 secret key. If so, how would you do that? I don't know about secret key conversion. In the past, I did something for public key:

Re: scdaemon does not "see" card insertion

2017-07-04 Thread NIIBE Yutaka
Hello, Matthias Apitz wrote: > The script 'scd-event' is only invoked on card removal (I do just an > echo of the args): [...] > A card insert is only seen *after* some agent requires something, for > example the SSH client needs access to the secret key on the card; Right.

Re: scdaemon coredumps

2017-05-30 Thread NIIBE Yutaka
Hello, Thank you for your report. "Yuriy M. Kaminskiy" wrote: > When I tried to rebuild gnupg2 2.1.21-2 debian package from > experimental in pbuilder, I got a number of sigsegv's from scdaemon > while running tests: [...] > Annoyingly, test-suite does not catch this as error,

Re: Did exit codes change in 2.1.21?

2017-05-18 Thread NIIBE Yutaka
Philip Jocks wrote: > gpg: error getting version from 'scdaemon': Not supported > [GNUPG:] CARDCTRL 6 This is due to my badness. I wrongly assumed everyone uses smartcard. :-) > Is there anything else we can try? Here is my fix:

Re: command 'LEARN' failed: No inquire callback in IPC

2017-05-17 Thread NIIBE Yutaka
Dustin Rogers wrote: > In fact the native support for smart cards does not seem to support > network attached HSM "virtual tokens" devices at all. It could be > possible that I need to specify the local port the installed HSM agent > is running on, but I don't think I will be

Re: command 'LEARN' failed: No inquire callback in IPC

2017-05-16 Thread NIIBE Yutaka
"Rogers, Dustin" wrote: > I have recently installed gnupg 2.1.20 from source on a centos6.8 box. What's the configure option? Did you enable smart card support with libusb? > [root@system1 ~]# gpg --card-edit > > gpg-agent[5158]: DBG: chan_8 -> OK Pleased to meet

Re: Passphrase cache w/Yubikey varies: sign vs auth

2017-04-09 Thread NIIBE Yutaka
Steve McKown wrote: > Can someone explain why ssh after sign asks for the passphrase again, > and what I might be able to do to avoid this condition? It's not a big > deal, but I do wonder if it suggests a misconfiguration on my part. It is not misconfiguration. It is

Re: How U2F works

2017-03-31 Thread NIIBE Yutaka
NIIBE Yutaka <gni...@fsij.org> wrote: > Well, I concluded that it is not worth (for me) to try to integrate U2F > feature into Gnuk. While I am open to discussion, my current position is that it is better for Gnuk not to integrate the U2F feature. I'd rather prefer separate implement

Re: Homedir & scdaemon

2017-03-28 Thread NIIBE Yutaka
as fixed by following commits. - 8b6c0bae33bdc36892f4595806665ce61f77dfd2 Author: NIIBE Yutaka <gni...@fsij.org> CommitDate: Fri Sep 2 13:41:19 2016 +0900 agent: invoke scdaemon with --homedir. - 4e41745b3ea3b

Re: Homedir & scdaemon

2017-03-27 Thread NIIBE Yutaka
Adam Sherman wrote: > But, scdaemon seems more stubborn, and doesn't respect gpg2's homedir > option. And trying to start it manually, beforehand, with the --homedir > option, fails with: For your information, this is fixed in 2.1. If you will have a chance, please try version

Re: Generating RSA-4096 on Nitrokey Pro

2017-03-26 Thread NIIBE Yutaka
NIIBE Yutaka <gni...@fsij.org> wrote: > I think that the CCID driver has a bug for TPDU handling for time > extension from the card. I confirmed that the problem can be reproducible with Gemalto card reader (TPDU exchange). The problem is that OpenPGP card (2.0 or 2.1) needs time o

Re: Generating RSA-4096 on Nitrokey Pro

2017-03-25 Thread NIIBE Yutaka
Szczepan Zalega | Nitrokey wrote: > Same is occurring on latest GPG 2.1.19. Attached logs taken under Arch > Linux. Any ideas how to fix it? I have read the log which you attached on Monday. I think that the CCID driver has a bug for TPDU handling for time extension from

Re: How U2F works

2017-03-06 Thread NIIBE Yutaka
Werner Koch wrote: > Frankly, I don't really understand the use case for U2F? Why not using > plain user certificates which is supported by browser and servers for > ages? Is that because the web frameworks don't have good support for > this? Scalability, and some (or the)

Re: How U2F works

2017-03-05 Thread NIIBE Yutaka
Thomas Jarosch wrote: > regarding limited resources, the Yubikey people did a fine trick: > There is no per-website data stored on the Yubikey. So the amount > of websites you can use a single FIDO U2F key for is unlimited. > > See "Limited storage on device" for

Re: How U2F works

2017-02-28 Thread NIIBE Yutaka
Hello, Thanks a lot for your explanation. Glenn Rempe wrote: > Well, the attestation key would be checked by the server side process > right? And that is optional to check (but perhaps not optional to > send). So you probably would need to ask those that are integrating > U2F as

How U2F works

2017-02-27 Thread NIIBE Yutaka
Hello, Let me ask a question about U2F. Or, more generally, possibility to enhance GnuPG for web authentication. While I maintain scdaemon of GnuPG and develop Gnuk (an OpenPGPcard implementation), I sometimes am asked about U2F support, these days. (I think that this is due to Yubikey.) IIUC,

Re: Problems with cert validation via CRL

2017-02-21 Thread NIIBE Yutaka
Hello, again, David Gray wrote: > dave@dave-VirtualBox:~/.gnupg/crls.d$ dirmngr --debug-all --fetch-crl > http://crl.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crl Reading the code of dirmngr, I think that --fetch-crl (or dirmngr-client --load-crl)

Re: Problems with cert validation via CRL

2017-02-20 Thread NIIBE Yutaka
Hello, David Gray wrote: > At the same time, I'm curious as to why the Ubuntu installation is > validating the certificate as 'good' while the Windows installation is not - > is this just because the Ubuntu installation was able to successfully > validate the certificate in

Re: Aw: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-16 Thread NIIBE Yutaka
Hello, Thanks a lot for your report in detail, in the style which I can replicate. I'm afraid you are facing same issue what I encountered in 2011. CHANGE REFERENCE DATA (OpenPGP card specification 2.0): https://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html

Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, Fib Moro wrote: > I start gpg in "--edit-key" mode. > Then I select a subkey I want to move to the card by issuing command "key 1". > After the "keytocard" command it asks me where to store the key for which I > choose option 1 signature key. > It then prompts me for the

Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, again, I found a bug in GnuPG 2.1.18 for factory-reset command handling (it's not in 2.1.17 or older), I fixed it today. Then, I tested my OpenPGP card 2.1. Let us fix a thing one by one. First, the Reset Code handling. Fib Moro wrote: > It doesn't even get to the

Re: SmartCard v2.1 : factory reset fails

2017-02-13 Thread NIIBE Yutaka
Hello, Since I got 2.1 card last week, I will test with it. For time being, I say something what I know of. Fib Moro wrote: > I can then successfully change the PIN as well as AdminPIN. > > However, when I try to write a key to the card (gpg --edit-key xxx; > keytocard) I >

Re: Non-deterministic behavior using GnuPG and a smart-card

2017-02-08 Thread NIIBE Yutaka
Hello, "Dr. Basil Becker" writes: > Authentication and signatures work like a charm. I'm only having > problems concerning the decryption of mails I received. [...] > Some messages, however, fail to decrypt: > bb@melmac:~$ gpg2 -vv --output /dev/null -d

Re: Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-26 Thread NIIBE Yutaka
Hello, chris.p...@gmx.de wrote: > With GnuPG 2, signing, encrypting and decrypting a file works without > any problems. With 1.4, I can encrypt and sign a file, but I can't > decrypt it. It's failing with the message: [...] > > gpg: public key decryption failed: general error > gpg: decryption

Re: Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-25 Thread NIIBE Yutaka
Hello, Thank you for your report in detail. chris.p...@gmx.de wrote: > The commands gpg --card-status and gpg2 --card-status seem to display > mainly the same things, the only strange line is "Key Attributes" at > GPG 1.4: gpg 1.4 can use gpg-agent by the option use-agent. I think that you

Re: spr332 vs spr532

2017-01-19 Thread NIIBE Yutaka
Hello, Elizabeth Ferdman wrote: > I'm interning for the PGP Clean Room and am trying to get an OpenPGP > Card reader. Kernelconcepts is offering a SPR332 which is the successor > to the 532. According to this page, though, > > https://wiki.gnupg.org/CardReader/PinpadInput I

Re: Feature request: treat missing smartcard reader as missing smartcard

2017-01-17 Thread NIIBE Yutaka
Peter Lebbing wrote: > For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see > the following: > > - Card reader is plugged in but no card or different card present in reader: > > I am prompted to insert the correct OpenPGP card. Once I do this and >

Re: [Announce] Libgcrypt 1.7.5: secmem trouble

2016-12-15 Thread NIIBE Yutaka
Luis Ressel wrote: > since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning: > using insecure memory!' (and hence refuses to run, since my config file > includes 'require-secmem'). > > Any hints for debugging this issue would be greatly appreciated. I think that

Re: Smartcards and tokens

2016-12-15 Thread NIIBE Yutaka
sivmu writes: > it seems using those specific devices actually decreases > security, assuming it is easy to manipulate specialised vendors of > security hardware compared to manipulating electronic hardware in general. Exactly, that's my point. This is the reason why my approach

Re: Changing comment in userID

2016-12-15 Thread NIIBE Yutaka
On 12/15/2016 08:03 PM, unknown wrote: > i've made a keypair with a comment in the userID. Is it possible to > delete this part of the key or do I have completely delete the key and > make a new one? > I also uploaded it to the sks keyserver. What effect will it have on the > keyserver? Please

Re: Smartcards and tokens

2016-12-14 Thread NIIBE Yutaka
sivmu wrote: > One question remaining is what is the difference between the openpgp > smartcard and the USB based tokens. I think that the OpenPGP card (the physical smartcard) is included in Nitrokey Pro USB Token. So, it's exactly same from the view point of smartcard. When you

TRNG (was: Specifying entropy source)

2016-11-16 Thread NIIBE Yutaka
Hello, I work for my own TRNG implementation. I realized that the point is: We should collectively control things so that none can control a sequence of random bytes. --- (*) Second "control" in (*) includes guessing, predicting, or knowing, not only manipulating directly/indirectly.

Re: smartcard reader

2016-10-18 Thread NIIBE Yutaka
On 10/19/2016 12:40 AM, Stephan Beck wrote: >> FSIJ Gnuk Token >> USB ID: 234b: Ah... This is not a card reader. It is the project of Free Software Initiative of Japan (FSIJ) since 2010. FSIJ acquired USB vendor ID, specifically for this project. Please visit:

Re: reviewing wiki / shortlist PIN-pad readers

2016-10-18 Thread NIIBE Yutaka
Sorry, I didn't have time to reply your call the other day. I think that Gemalto Shelltoken Card Reader, which is available at http://shop.kernelconcepts.de/ is good one. Please note that OpenPGP card requires specific card readers. Its users usually use RSA-2048, RSA-3072, or RSA-4096. For

Re: using with su/sudo

2016-10-12 Thread NIIBE Yutaka
On 10/13/2016 12:36 AM, John Lane wrote: > I just wanted to bring this to your attention because I think it is related. Thank you. Actually, I have a problem like that, everyday (literally). > I tried from a sudo with the tty ownership corrected but it didn't work. > > So I ran an agent with

Re: Smartcard reader Precise Biometrics 200 MC

2016-09-20 Thread NIIBE Yutaka
On 09/20/2016 04:13 PM, Jan Prunk wrote: > I am wondering if the smartcard reader "Precise Biometrics 200 MC" [1] > is among the supported readers to be used with GnuPG ? Is there a > guideline to follow for setting it up ? For the reader, I found this discussion in 2010:

Re: :-(( Re: smart card no longer works

2016-09-09 Thread NIIBE Yutaka
On 09/09/2016 11:52 PM, Philip Jackson wrote: >> Packaging in Debian had been changed. Now scdaemon is in a package of >> "scdaemon" (used to be in "gnupg2" package). >> > > I have now installed the missing scdaemon deb package and that makes a > big improvement as far as gpg2 is concerned. > >

Re: smart card no longer works

2016-09-08 Thread NIIBE Yutaka
On 09/09/2016 05:21 AM, Robert J. Hansen wrote: >> The last I checked, Ubuntu's stock install did not include smartcard > drivers. >> The good news is these can be easily installed via apt-get. The bad news > is I >> don't remember what the package name is. :( > > A little searching suggests
