Re: Problem signing git commits with smartcard key

2018-06-01 Thread kookie
> On 01 June 2018 at 01:41 Werner Koch wrote: > > > On Fri, 1 Jun 2018 00:04, koo...@spacekookie.de said: > > > ssb> rsa4096 2018-05-30 [SEA] > > Remove the S capability from that key. gpg prefers a signing subkey > over the primary key but that happens to be an encryption key on the >

Re: Problem signing git commits with smartcard key

2018-05-31 Thread NIIBE Yutaka
Hello, If I understand correctly, you put: your primary key to the OPENPGP.1 on card. your subkey of SEA capability to the OPENPGP.2 on card. your subkey of A capability to the OPENPGP.3 on card. In this configuration, the OPENPGP.2 key on card is only for decryption.

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Fri, 1 Jun 2018 00:04, koo...@spacekookie.de said: > ssb> rsa4096 2018-05-30 [SEA] Remove the S capability from that key. gpg prefers a signing subkey over the primary key but that happens to be an encryption key on the card. You should also be able to specify the key as signingkey =

Re: Problem signing git commits with smartcard key

2018-05-31 Thread kookie
> On 31 May 2018 at 21:12 Werner Koch wrote: > > You are signing with the second key of the token. This is an encryption > key and thus not able to sign. If you do a "gpg --card-status" can you > see a Signature key (In the log "OpenPGP.1")? Hmmm...this is the output of gpg2 --card-status

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 20:46, koo...@spacekookie.de said: > 2018-05-31 20:27:42 scdaemon[17755] DBG: chan_7 <- PKSIGN --hash=sha256 > OPENPGP.2 > 2018-05-31 20:27:42 scdaemon[17755] operation sign result: Invalid ID You are signing with the second key of the token. This is an encryption key and

Re: Problem signing git commits with smartcard key

2018-05-31 Thread kookie
Hey there, thanks for the reply :) > On 31 May 2018 at 19:41 Werner Koch wrote: > > > On Thu, 31 May 2018 16:12, koo...@spacekookie.de said: > > > [GNUPG:] FAILURE sign 100663414 > > gpg: signing failed: Invalid ID > > $ gpg-error 100663414 > 100663414 = (6, 118) = (GPG_ERR_SOURCE_SCD,

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 16:12, koo...@spacekookie.de said: > [GNUPG:] FAILURE sign 100663414 > gpg: signing failed: Invalid ID $ gpg-error 100663414 100663414 = (6, 118) = (GPG_ERR_SOURCE_SCD, GPG_ERR_INV_ID) = (SCD, Invalid ID) This shows that the error originates from scdaemon. To look deeper

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Jacob Adams
On 05/31/2018 10:12 AM, koo...@spacekookie.de wrote: > Hey there, > > I have a yubikey 4 that contains my GPG key. I can use the `gpg2` tool to > sign messages without problems. But when I try to do the same with git, it > fails. The command that git runs internally is equivalent to this: > >

Problem signing git commits with smartcard key

2018-05-31 Thread kookie
Hey there, I have a yubikey 4 that contains my GPG key. I can use the `gpg2` tool to sign messages without problems. But when I try to do the same with git, it fails. The command that git runs internally is equivalent to this: echo "This is a stream from git..." | gpg2 --status-fd=2 -bsau

Re: git commit signing: Asked for smartcard as it's plugged in

2018-03-30 Thread Gabriel Augendre
Thanks for your detailed answer ! I'll wait for 2.2.6 to be released and I'll keep you posted. Best regards, Gabriel ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: git commit signing: Asked for smartcard as it's plugged in

2018-03-27 Thread NIIBE Yutaka
Gabriel Augendre wrote: > Whenever I need to sign a git commit, I need to plug my Yubikey in and > type the pin code. That works perfectly just after logging into my > session, but if the computer goes to sleep (that's my guess, not sure > about that) and I wake it up and try

git commit signing: Asked for smartcard as it's plugged in

2018-03-27 Thread Gabriel Augendre
/discussions/problems/69206-asked-for-smartcard-as-its-plugged-in [2] https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/

Re: openpgp smartcard: ssh auth speed vs. RSA key size

2018-03-01 Thread Werner Koch
an RSA 2048 bit key and a real smartcard. Unfortunately the Zeitcontrol card does not support ed25519. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Thoughts are free. Exceptions are regulated by federal law.

openpgp smartcard: ssh auth speed vs. RSA key size

2018-03-01 Thread Thomas Jarosch
Hello together, here's an interesting observation on ssh auth speed when using different key sizes on the openpgp smartcard: RSA 2048 bit key: 0.7s RSA 4096 bit key: 3.1s Card used is an openpgp smartcard V3.3 with gnupg 2.2.4. The ssh key is accessed via gpg-agent. We found this while

Re: gnupg SmartCard V3.3

2018-03-01 Thread Werner Koch
On Thu, 1 Mar 2018 10:08, k...@glsys.de said: > i found this ct 2017-10 (german computer magazine) Article, > where they claim the reader to be working with the openpgp smartcard Version > 2.1 > by transferring precreated 4096-Bit keys. This is exactly what i am Well most

Re: gnupg SmartCard V3.3

2018-03-01 Thread Klaus Römer
Thank you all for the support! The mail about needing support for the V3.3 cards in opensc pointed me in the right direction. I relied on the information that the V3.3 is backwards compatible to the V2.1 but this does not seem to be the case. Compiling a fresh gpg 2.2.5 with --enable-ccid-driver

[FEATURE REQ] Keygrips in --card-status (was: gpgsm --gen-key with key on smartcard)

2018-03-01 Thread Peter Lebbing
On 28/02/18 20:59, Werner Koch wrote: > But that is about gpg and not about gpgsm. Currently, it's not that easy to get the keygrip for an OpenPGP smartcard key. For keys for which the public part is available, it's: $ gpg --card-status Note desired KEYID $ gpg --with-keygrip -k $KEYID F

Re: gnupg SmartCard V3.3

2018-03-01 Thread Thomas Jarosch
Hello Klaus, On Thursday, 01 March 2018 10:08:14 CET Klaus Römer wrote: > This is my target device because it is built-in in our Laptops, > i found this ct 2017-10 (german computer magazine) Article, > where they claim the reader to be working with the openpgp smartcard Vers

Re: gnupg SmartCard V3.3

2018-03-01 Thread Klaus Römer
y simply did not work. This is my target device because it is built-in in our Laptops, i found this ct 2017-10 (german computer magazine) Article, where they claim the reader to be working with the openpgp smartcard Version 2.1 by transferring precreated 4096-Bit keys. This is exactly what i am

Re: Fwd: gnupg SmartCard V3.3

2018-03-01 Thread Matthias Apitz
On Thursday, March 01, 2018 at 09:14:15AM +0900, NIIBE Yutaka wrote: > Hello, > > Werner Koch <w...@gnupg.org> wrote: > > @gniibe: Do you have any more up to date information on macOS and > > smartcard readers? > > If possible, I recommend to use

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread NIIBE Yutaka
Hello, Werner Koch <w...@gnupg.org> wrote: > @gniibe: Do you have any more up to date information on macOS and > smartcard readers? If possible, I recommend to use GnuPG's in-stock driver to access smartcard. It is direct access by libusb, not using PC/SC service. For GNU/Linux,

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 16:30, thomas.jaro...@intra2net.com said: > what do you think about Peter's idea: > > $ gpg --with-keygrip --card-status If you use that with --with-colons you can also script this. But that is about gpg and not about gpgsm. gpgsm has no external card interface because the

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Thomas Jarosch
On Wednesday, 28 February 2018 14:50:39 CET Werner Koch wrote: > If you need this information a small tool to present an enhanced menu > could be written. That tool would then utilize gpgsm and gpg. GPA > might be a candidate to implement this. what do you think about Peter's idea: $ gpg

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread Werner Koch
Alcor Micro AU9540 00 00 I am not sure about them. Quite some time ago they simply did not work. @gniibe: Do you have any more up to date information on macOS and smartcard readers? Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Thoughts are free

Re: gnupg SmartCard V3.3

2018-02-28 Thread Thomas Jarosch
Hello Klaus, On Tuesday, 27 February 2018 01:04:27 CET Klaus Römer wrote: > i bought two V3.3 cards, but can't get them to work … > the keytocard command does not move the key but copy it and further on the > gpg2 --card-status -> fetch followed by gpg2 --card-status does not create > the stub

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 10:56, thomas.jaro...@intra2net.com said: > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? gpgsm does and shall not know anything about OpenPGP. Thus it can't display OpenPGP information. In theory

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Peter Lebbing
On 28/02/18 10:56, Thomas Jarosch wrote: > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? I don't think that's possible: keygrips are "protocol" agnostic, but key IDs are not. So while the keygrip is the same for S/

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Dirk Gottschalk via Gnupg-users
Hi. On Wednesday, 28.02.2018, 10:56 +0100, Thomas Jarosch wrote: > To me it seems it shows the 'keygrip' instead of the smartcard key > IDs? Yes, that's correct. > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? I think

gpgsm --gen-key with key on smartcard

2018-02-28 Thread Thomas Jarosch
Hello together, gpgsm can be used to create X.509 certificates for existing secret keys on a openpgp smartcard. "gpg2 --card-status" looks like this: * .. Signature key : E642 8DAC 275A 3247 5B59 A16F A3E9 1268 663A 9918 created

Fwd: gnupg SmartCard V3.3

2018-02-26 Thread Klaus Römer
Hello, i bought two V3.3 cards, but can't get them to work … the keytocard command does not move the key but copy it and further on the gpg2 --card-status -> fetch followed by gpg2 --card-status does not create the stub keys, so gpg2 --list-secret-keys does not show any keys ... I have the

Re: Obtaining Key Stubs From Smartcard - Solved

2018-01-09 Thread Bagel Alderman via Gnupg-users
I stumbled across my answer. I didn't realize the public key was necessary for the private key stubs to appear with "gpg2 -K" and become usable. It turns out my system *was* registering the stubs under ~/.gnupg/private-keys-v1.d/, probably the whole time. All I needed to do was to import my

Re: Obtaining Key Stubs From Smartcard

2018-01-06 Thread Peter Lebbing
I love talking to myself... On 06/01/18 13:32, Peter Lebbing wrote: > gpg-connect-agent >> learn --force /bye Cute. I should have noticed my "rewrap" went wrong. It's either: gpg-connect-agent > learn --force > /bye or: gpg-connect-agent "learn --force" /bye HTH, Peter. -- I use the GNU

Re: Obtaining Key Stubs From Smartcard

2018-01-06 Thread Peter Lebbing
On 06/01/18 13:15, Peter Lebbing wrote: > It works for me. Where does it go wrong for you? Odd... it's working sometimes, and sometimes it's not. Sometimes, it will not get rid of the stubs on --delete-secret-key, or --delete-key for that matter. A different way of doing it is: gpg-connect-agent

Re: Obtaining Key Stubs From Smartcard

2018-01-06 Thread Peter Lebbing
] Card serial no. = FFFE 87061340 --8<---cut here---end--->8--- (It would be nice if the documentation indicates that --with-subkey-fingerprint also lists the card serial no. I had a suspicion it might work and it did.) But, we're discussing how to

Re: Obtaining Key Stubs From Smartcard

2018-01-04 Thread Bagel Alderman via Gnupg-users

Re: Obtaining Key Stubs From Smartcard

2018-01-04 Thread Peter Lebbing
On 03/01/18 23:42, Bagel Alderman via Gnupg-users wrote: > Can anyone tell me why gpg --card-status isn't creating key stubs (even > after the original stubs are deleted)? Could you post commands entered and their result? We can't tell what goes wrong just by this description. It has always

Re: Problems reading smartcard

2017-12-25 Thread Healer64 via Gnupg-users
Ah, that makes sense. Thanks. I'll try asking on an SELinux help forum and see if they have any ideas.

Re: Problems reading smartcard

2017-12-22 Thread Peter Lebbing
I think the problem is that gpg2 is not the one doing the smartcard calls. It spawns a gpg-agent process, which then spawns an scdaemon process. These two are still running when you're back at the command prompt. gpg does not do this by default, it talks to the card directly. However, after gpg2

Problems reading smartcard

2017-12-22 Thread Healer64 via Gnupg-users
I have openpgp keys loaded on a yubikey in smartcard mode but am having problems accessing the card. Originally there were some permission issues but i worked them out to the point that gpg --card-status consistently reads the card. This is on fedora. However gpg2 --card-status gives "

Re: Ask gpg-agent/scdaemon to release a smartcard?

2017-11-25 Thread Werner Koch
On Fri, 24 Nov 2017 10:30, nicolas.boul...@ecp.fr said: > Is there a way I can ask gpg-agent/scdaemon to release this smartcard, gpg-connect-agent 'scd killscd' /bye Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by federal law.

smartcard V1.1 and 2048 RSA

2017-10-08 Thread rennfrikadelle--- via Gnupg-users
Hello list, is it possible to create one single RSA-2048 key on a openPGP smartcard v1.1 instead of a key with 2 or 3 1024-RSA subkeys? Thank you!

Re: Smartcard not seen when reinserted

2017-10-04 Thread Franck Routier
On 02/10/2017 at 16:37, Matthias Apitz wrote: > On Monday, October 02, 2017 at 01:35:16 p.m. +0200, Franck Routier > wrote: > >> My problem, in addition to the pin being cached "forever" (as long as >> the card is inserted, with no time limit), is that when I remove and >> reinsert the

Re: Smartcard not seen when reinserted

2017-10-02 Thread Matthias Apitz
On Monday, October 02, 2017 at 01:35:16 p.m. +0200, Franck Routier wrote: > My problem, in addition to the pin being cached "forever" (as long as > the card is inserted, with no time limit), is that when I remove and > reinsert the card, it is not recognized unless I restart gpg-agent.

Re: Smartcard not seen when reinserted

2017-10-02 Thread Franck Routier
On 01/10/2017 at 20:33, Matthias Apitz wrote: > On Sunday, October 01, 2017 at 06:37:46 p.m. +0200, Franck Routier > wrote: > >> Hi, >> >> I have a problem where my OpenPGP smartcard is not recognized when I >> remove it from the reader and r

Re: Smartcard not seen when reinserted

2017-10-01 Thread Matthias Apitz
On Sunday, October 01, 2017 at 06:37:46 p.m. +0200, Franck Routier wrote: > Hi, > > I have a problem where my OpenPGP smartcard is not recognized when I > remove it from the reader and reinsert it. > > Moreover I like to remove the card and reinsert it when need

Smartcard not seen when reinserted

2017-10-01 Thread Franck Routier
Hi, I have a problem where my OpenPGP smartcard is not recognized when I remove it from the reader and reinsert it. Moreover I like to remove the card and reinsert it when needed, as when used for authentication with Poldi, I'm only asked for the PIN once, and then the PIN is cached

Powering down smartcard does not work

2017-08-21 Thread Alexander Paetzelt | Nitrokey
Hello, I try to power down my gnupg smartcard after some time by adding 'card-timeout 15' to ~/.gnupg/scdaemon.conf but the card seems to stay powered as the PIN stays cached. Do you have any idea why the config is not working correctly? Kind regards Alex

Re: Subkey Generation / SmartCard

2017-04-15 Thread David Gueguen via Gnupg-users
Hello Christoph, with new gpg version (>2.15) you can more easily generate subkeys * Hereafter are added subkeys to main keyring $key_id each with RSA1024 and 1 for Sign, 1 for Encrypt, 1 for Auth echo $var_pass_poem | gpg2 --no-verbose --pinentry-mode loopback --batch --no-tty --yes

Subkey Generation / SmartCard

2017-04-14 Thread Christoph J
I am trying to batch provision yubikeys. Using the --batch, I can generate the initial key, but I am unable to add more than a single subkey. Is there a way to batch provision subkeys, specifying the usage (signing, encryption, auth) without having to go into --edit-key / interactive mode? On

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Andrew Gallagher
On 21/02/17 15:23, Peter Lebbing wrote: > On 21/02/17 16:19, Andrew Gallagher wrote: >> And this is the main reason I started running my own keyserver - by >> refreshing your monkeysphere-host keyring, you are leaking to the >> keyserver which user credentials have login access to your system. :-)

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Peter Lebbing
On 21/02/17 16:19, Andrew Gallagher wrote: > And this is the main reason I started running my own keyserver - by > refreshing your monkeysphere-host keyring, you are leaking to the > keyserver which user credentials have login access to your system. :-) But if an attacker can cut off your SSH

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Peter Lebbing
On 21/02/17 15:58, Kristian Fiskerstrand wrote: > Keep in mind, the keyring in the scope of monkeysphere is normally one > keyblock :) But yeah, the crontab frequency will depend a bit on system. Not for multi-user systems with many accounts; it would only be the case for personal servers. Is a

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Andrew Gallagher
On 21/02/17 15:17, Peter Lebbing wrote: > On 21/02/17 15:58, Kristian Fiskerstrand wrote: >> Keep in mind, the keyring in the scope of monkeysphere is normally one >> keyblock :) But yeah, the crontab frequency will depend a bit on system. > > Not for multi-user systems with many accounts; it

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
On 02/21/2017 03:15 PM, Peter Lebbing wrote: > If Kristian Fiskerstrand says it's okay for SSH servers to refresh their > keyring every 20 or 30 minutes from the public keyserver network, then I > guess it really is :-). I had estimated it as inappropriate. Keep in mind, the keyring in the scope

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Andrew Gallagher
On 21 Feb 2017, at 13:37, Kristian Fiskerstrand wrote: >> On 02/21/2017 02:21 PM, Peter Lebbing wrote: >> Revoking the old A key and creating a new one needs to happen on the >> system you have the primary key on, so you need to subsequently roll out

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Peter Lebbing
>> certificate would have to be revoked. I don't see much extra effort in >> rolling it out to the few other systems you use as a client as well. > > not following, you don't have access to the primary key at this point > (say you're travelling and the primary is on smartcard in a

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
not following, you don't have access to the primary key at this point (say you're travelling and the primary is on smartcard in a vault) > > Also, I think you need to have a way to notify servers that they need to > get an updated certificate including the revoked old key *right* *

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Peter Lebbing
On 20/02/17 22:51, Kristian Fiskerstrand wrote: > Revocation of the specific subkey is automatically picked up by all > systems due to automatic refresh of the public key on regular intervals, > without losing access to the system from non-compromised devices. Revoking the old A key and creating

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
On 02/20/2017 05:49 PM, Peter Lebbing wrote: > So perhaps one key per device is superior, also for detecting which client > system was compromised by looking at the SSH auth logs on the server > (supposing > the attacker didn't gain root privileges and wiped his traces immediately). > But > I

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Peter Lebbing
-disk, one per system and one smartcard I only use on a single one of those systems. I actually use one key per client, but note that I don't have multiple A-capable OpenPGP subkeys. All my on-disk keys are just regular ol' OpenSSH keys, and I think then one key per device is a much cleaner set

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Personal (open)
[2] Another use-case would be using rsa and ecc ( ecc on the laptop/desktop and rsa subs on the smartcard) sent via webmail, pardon lack of a gpg signature. -- Corey W Sheldon ph: +1 (310).909.7672

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
On 02/19/2017 01:45 PM, Andrew Gallagher wrote: > And in the case of A and S, there's next to no benefit - if one of your > subkeys is lost you should revoke it immediately anyway Wouldn't consider this accurate, the typical use case for multiple A subkeys is per-device usage, explicitly to avoid

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Stefano Tranquillini
Hi, Things are getting clearer now, the fact is: subkeys are not related and basically only the last generated is used. I misunderstood this step. I need an Auth subkey on the smartcard because I've setup the server to access ssh only via a key. If I'm not at my pc I can't access the server

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread MFPA
Hi On Sunday 19 February 2017 at 2:58:56 PM, Damien Goutte-Gattat wrote:- > Disclaimer: I am not advocating such a setup, that I > don't even actually use. I use that setup. Last I

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Damien Goutte-Gattat
On 02/19/2017 03:11 PM, Peter Lebbing wrote: However, maybe someone has come across a reason to do it where it would be worth the hassle. There certainly are people using multiple S subkeys. Some time ago, I did some experiments with an RSA master key with two sets of subkeys: RSA subkeys and

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Peter Lebbing
enefit I agree. I can't think of a compelling reason to use multiple ones; all things considered, the added hassle is the larger factor in every scenario I could think of just now. If you can't duplicate your A or S subkey when you want to, for instance because you have it on smartcard only,

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Andrew Gallagher
> On 19 Feb 2017, at 11:19, Peter Lebbing wrote: > >> On 17/02/17 15:11, Andrew Gallagher wrote: >> Some systems will only authenticate against the most recently created >> A subkey. > > I have no personal experience, but I think it's possible this relates to >

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Peter Lebbing
Hi Stefano, On 19/02/17 09:41, Stefano Tranquillini wrote: > I think I can have multiple A subkeys, not like E keys that only the > last is used, and use them to ssh servers if all these subkeys are > added to the server It depends on how the authorized authentication keys are added to the

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Andrew Gallagher
> On 19 Feb 2017, at 08:41, Stefano Tranquillini > <stefano.tranquill...@gmail.com> wrote: > > wait, If i've a subkey E (called E1) and I lose it (e.g. it was on the > smartcard). > Can't I create a new E (called E2) from my master and decrypt the data? O

Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Stefano Tranquillini
s. They will only then exist on the > smartcard. I normally don't recommend this, as it means you have no way > to back up your E subkey, and if your smartcard breaks you then lose > access to all data encrypted to it. If you are keeping your master > offline, there is IMO little extr

Aw: Re: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-18 Thread Fib Moro
openpgp-card-spec-2.0-chenge-reference-data.html > > IIUC, this protocol is due to smartcard practice and standard. I had > asked Achim (the author of OpenPGPcard specification) if this could be > changed. No positive answer, but I think that the problem is clear > enough. > Th

Re: GPG, subkeys smartcard and computer

2017-02-17 Thread Andrew Gallagher
l setup is: > > * Master generated on offline pc and stored in a cold storage * > subkeys for the pc (main pc, that I use everyday) - i need > (A)utenticate (E)encrypt (S)ign keys * subkeys for the smartcard - > if I use a pc of someone else, and as backup for what is worth

GPG, subkeys smartcard and computer

2017-02-17 Thread Stefano Tranquillini
- Master generated on offline pc and stored in a cold storage - subkeys for the pc (main pc, that I use everyday) - i need (A)uthenticate (E)ncrypt (S)ign keys - subkeys for the smartcard - if I use a pc of someone else, and as backup for what is worth. (In the future I may swit

Re: Aw: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-16 Thread NIIBE Yutaka
IIUC, this protocol is due to smartcard practice and standard. I had asked Achim (the author of OpenPGPcard specification) if this could be changed. No positive answer, but I think that the problem is clear enough. Fib Moro <fibm...@gmx.de> wrote: > It then asks me to "Please e

GPG, subkeys smartcard and computer

2017-02-16 Thread Stefano Tranquillini
- Master generated on offline pc and stored in a cold storage - subkeys for the pc (main pc, that I use everyday) - i need (A)uthenticate (E)ncrypt (S)ign keys - subkeys for the smartcard - if I use a pc of someone else, and as backup for what is worth. (In the future I may swit

Aw: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-16 Thread Fib Moro
Dear Yutaka, > > Let us show more info about your key. I'm afraid your key size > is not the one OpenPGP card supports. I tested RSA-2048 with > OpenPGP card version 2.1, it works fine for me. > -- > == 1. Moving keys to card == Using the correct default

Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, Fib Moro wrote: > I start gpg in "--edit-key" mode. > Then I select a subkey I want to move to the card by issuing command "key 1". > After the "keytocard" command it asks me where to store the key for which I > choose option 1 signature key. > It then prompts me for the

Aw: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread Fib Moro
Hello, > > Let us fix a thing one by one. First, the Reset Code handling. > ok, let's do that. > For my OpenPGP card 2.1, the Admin PIN is "12345678" (no 9). > I can successfully set the Reset Code. > > I confirmed that with wrong Admin PIN, I got the message "Error setting > the Reset Code:

Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, again, I found a bug in GnuPG 2.1.18 for factory-reset command handling (it's not in 2.1.17 or older), I fixed it today. Then, I tested my OpenPGP card 2.1. Let us fix a thing one by one. First, the Reset Code handling. Fib Moro wrote: > It doesn't even get to the

Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-14 Thread Fib Moro
Hello Yutaka, > > The length of the Reset Code should be more than or equal to 8. If it > is shorter, it fails. What is your case? > -- > It doesn't even get to the point where it prompts me for the Reset Code: Here is what I do: When I try to set the reset code via "passwd => 4" it

Re: SmartCard v2.1 : factory reset fails

2017-02-13 Thread NIIBE Yutaka
Hello, Since I got the 2.1 card last week, I will test with it. For the time being, I'll say what I know of. Fib Moro wrote: > I can then successfully change the PIN as well as AdminPIN. > > However, when I try to write a key to the card (gpg --edit-key xxx; > keytocard) I >

SmartCard v2.1 : factory reset fails

2017-02-13 Thread Fib Moro
Dear GnuPG-Users List. I'm having trouble with resetting my smartcard version 2.1. After posting a bug report for GnuPG Werner Koch asked me to re-post my question on this mailing list [0]. To answer his quick hint: factory-reset did unfortunately not work as I already mentioned in my

Re: Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-26 Thread NIIBE Yutaka
created: 2017-01-24 expires: never > card-no: 0005 5031 I located the cause of this issue. It is not the issue of scdaemon incompatibility of GnuPG 2.1, which I addressed yesterday. With GnuPG 1.4 for smartcard can't work well for RSA 4096-bit keys. (I think that it can also

Re: Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-25 Thread NIIBE Yutaka
Hello, Thank you for your report in detail. chris.p...@gmx.de wrote: > The commands gpg --card-status and gpg2 --card-status seem to display > mainly the same things, the only strange line is "Key Attributes" at > GPG 1.4: gpg 1.4 can use gpg-agent by the option use-agent. I think that you

Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-25 Thread chris . p . 16
Hello all, after using GnuPG since 2014 I now purchased a Nitrokey USB smartcard. I set it up mainly* following the steps at https://wiki.fsfe.org/TechDocs/CardHowtos/CardWithSubkeysUsingBackups with GnuPG 2 and tried to configure GnuPG 1.4 to work likewise (on Linux Mint, it's installed

Re: Feature request: treat missing smartcard reader as missing smartcard

2017-01-18 Thread Peter Lebbing
On 18/01/17 00:21, NIIBE Yutaka wrote: > This is just a lucky coincidence, but I'm glad to see the development of > GnuPG goes well. Ah, two birds with one stone! Thank you for working on multi-card-reader setups! > Thank you for your support of GnuPG. Your support encourages me > (hopefully,

Re: Feature request: treat missing smartcard reader as missing smartcard

2017-01-17 Thread Loy Fortner
Please stop sending me this message. I don't know what you are talking about, so stop. On Jan 17, 2017 6:54 PM, "NIIBE Yutaka" wrote: > Peter Lebbing wrote: > > For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see > > the following: >

Re: Feature request: treat missing smartcard reader as missing smartcard

2017-01-17 Thread NIIBE Yutaka
Peter Lebbing wrote: > For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see > the following: > > - Card reader is plugged in but no card or different card present in reader: > > I am prompted to insert the correct OpenPGP card. Once I do this and >

Feature request: treat missing smartcard reader as missing smartcard

2017-01-17 Thread Peter Lebbing
t is quite common to see readers with either integrated smartcards or smartcards that can't be changed or removed easily. I think these devices should be treated as currently the smartcard is. I.e., if the reader is not plugged in, prompt the user to insert their smartcard just like scdaemon would if

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread gnupg-users . dirk
Hi all, thank you Damien and Werner for your recent replies. Even if the reader is performing o.k. now to my amazement. When I used the feature to create the keys on the card I ran into some strange and not reproducible problems. I think this is what Werner refers to. Once I decided to create the

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread Werner Koch
On Fri, 6 Jan 2017 14:52, dgouttegat...@incenp.org said: > For what it's worth, I have two such readers, which are working > flawlessly with the ccid driver [1] and with 2048-bit keys. I have not > tried them with the internal driver. IIRC, I added some workarounds but eventually gave up due to

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread Damien Goutte-Gattat
On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote: I was under the impression the OmniKey 3121 is a real reader since it is on the how to [1]. For what it's worth, I have two such readers, which are working flawlessly with the ccid driver [1] and with 2048-bit keys. I have not tried

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread gnupg-users . dirk
Hi Andrew, thanks for your input. And I will give it a try. 1) deactivated my script 2) added udev rule ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3022", RUN+="/usr/sbin/service pcscd restart" 3) testdrive - reader unplug - plug in (USB) Jan 06 13:55:00 compd

Re: Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread gnupg-users . dirk
Hi Kristian, it is not the reader (USB Device) which is removed. It is the Card in the reader. I would not know how to monitor this with udev. Is this possible ? Best regards Dirk On 06.01.2017 10:30, Kristian Fiskerstrand wrote: On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote: >

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread Andrew Gallagher
On 06/01/17 09:30, Kristian Fiskerstrand wrote: > On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote: >> p.s. in the meantime I made a script which tails the scdaemon.log and >> waits for "Removal of a card:" >> and then kills the gpg-agent. Not a proper solution - but working so far. > >

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread Kristian Fiskerstrand
On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote: > p.s. in the meantime I made a script which tails the scdaemon.log and > waits for "Removal of a card:" > and then kills the gpg-agent. Not a proper solution - but working so far. Why not use a udev rule to watch for the removal event? --

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread gnupg-users . dirk
Hi Werner, thanks for your reply. I was under the impression the OmniKey 3121 is a real reader since it is on the how to [1]. What would be a good alternative before I buy another bad one. And I have problems understanding how the issue is connected to the key length. The problem as I see it

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-05 Thread Werner Koch
On Wed, 4 Jan 2017 21:14, gnupg-users.d...@o.banes.ch said: > thanks for your reply but it is now not working at all. Even if my reader > - Omnikey 3121 is listed in your link. Omnikey readers simply don't work correctly with 2k keys or larger. Get a real reader and not that messy hardware which

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-04 Thread gnupg-users . dirk
: usb_bulk_write error: LIBUSB_ERROR_TIMEOUT 2017-01-04 21:08:36 scdaemon[3398] reader slot 0: using ccid driver 2017-01-04 21:08:36 scdaemon[3398] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready 2017-01-04 21:08:41 scdaemon[3398] DBG: ccid-driver: usb_bulk_write er

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-04 Thread Peter Lebbing
I think you should be able to use this card reader without pcscd, using the internal CCID driver of GnuPG[1]. Just stop and disable pcscd, hopefully GnuPG will find the reader and use it right away. That might solve your problem. I use GnuPG's internal CCID driver, and it is completely resilient
