> Could you perform your tests again with Scute debugging turned on?

Scute log when launching Firefox with Yubikey unplugged:
> scute debug init: flags=0xff
> scute: scute_agent_initialize: Establishing connection to gpg-agent

After plugging in the Yubikey:

> scute: scute_agent_get_cert: got certificate from card with length 259
> scute: asn1_get_element: wrong element in lookup path
> scute: scute_attr_prv: rejecting certificate: could not get subject: General
> error
> scute: scute_agent_get_cert: got certificate from card with length 259
> scute: asn1_get_element: wrong element in lookup path
> scute: scute_attr_prv: rejecting certificate: could not get subject: General
> error
[repeating rapidly]

Due to scute 'rejecting certificate' I just removed my current certificate for the auth subkey from gpgsm and created / imported a new self-signed certificate:

$ gpgsm --gen-key
> [...]
> Please select what kind of key you want:
> (1) RSA
> (2) Existing key
> (3) Existing key from card
> Your selection? 3
> Serial number of the card: D27600[...]
> Available keys:
> (1) C2E04B00B3F087DB143B4BB6411813BA220ED4BA OPENPGP.1
> (2) FDB0E6A955AA1194D369A942B8EF10E6C66E0BB4 OPENPGP.2
> (3) 22BD35D43F4D748110C935CC6B8D13575306F89B OPENPGP.3
> Your selection? 3
> [...]
> Create self-signed certificate? (y/N) y
> These parameters are used:
> Key-Type: card:OPENPGP.3
> Key-Length: 1024
> Key-Usage: sign
> Serial: random
> Name-DN: CN=scute test,C=AT
>
> Proceed with creation? (y/N) y
> Now creating self-signed certificate. This may take a while ...
> gpgsm: about to sign the certificate for key:
> &22BD35D43F4D748110C935CC6B8D13575306F89B
> gpgsm: certificate created
> Ready.
> -----BEGIN CERTIFICATE-----
> [...]

I am not sure why gpgsm wrote
> Key-Length: 1024
although the actual key length is 4096:

$ gpg --list-secret-keys --with-keygrip | grep -B 1 22BD35D43F4D748110C935CC6B8D13575306F89B
> ssb> rsa4096 2016-12-25 [A]
> Keygrip = 22BD35D43F4D748110C935CC6B8D13575306F89B

However, the newly created certificate seems to be valid:

$ gpgsm --list-secret-keys --with-keygrip --with-validation 'scute test'
> [...]
> Issuer: /CN=scute test/C=AT
> Subject: /CN=scute test/C=AT
> validity: 2017-06-05 16:40:48 through 2063-04-05 17:00:00
> key type: 4096 bit RSA
> key usage: digitalSignature nonRepudiation
> chain length: unlimited
> fingerprint: 0E:1F:DC:B0:43:FD:1B:93:70:76:C0:2A:B1:22:8E:3A:B0:8B:D4:52
> keygrip: 22BD35D43F4D748110C935CC6B8D13575306F89B
> card s/n: D276000[...]
> [certificate is good]

Anyway, Scute still logs the same error message:

> scute: scute_agent_get_cert: got certificate from card with length 259
> scute: asn1_get_element: wrong element in lookup path
> scute: scute_attr_prv: rejecting certificate: could not get subject: General
> error

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users