On 06/05/2017 07:04 PM, Fabian Peter Hammerle wrote:
> scute: scute_agent_get_cert: got certificate from card with length 259

OK, this is weird. 259 bytes seems too short for an X.509 certificate, especially one based on a 4096-bit public key (for comparison, my own 2048-bit certificate is 1587 bytes).

Maybe an error occurred when the certificate was stored on the Yubikey, and the certificate there is actually truncated?

Could you extract the certificate from the smartcard and have a look at it? Run gpg in card-edit mode, and at the prompt, use the (undocumented) readcert command to save the certificate to a file:

  $ gpg --card-edit
  gpg/card> readcert 3 > file.der
  gpg/card> quit

Then inspect the contents of file.der, using e.g. openssl:

  $ openssl x509 -inform DER -in file.der -text

> Due to scute 'rejecting certificate' I just removed my current certificate for the auth subkey from gpgsm and created / imported a new self-signed certificate:
> [...]
> Anyway, Scute still logs the same error message:

Did you import your new certificate onto the Yubikey? Because independently of what your gpgsm store may contain, Scute will always try to fetch the certificate from the token itself.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
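
Added example, not part of the original message and not code from Scute or GnuPG: a Python check that compares the length declared in the outer DER SEQUENCE header of a file such as file.der with the number of bytes actually present, one way to tell a truncated blob from a complete one. The function names and the sample blob are constructed for illustration, and the check covers only the outer framing, not whether the content is a valid certificate.

```python
# Added example: compare the length a DER blob declares with the bytes present.
import sys

def der_total_length(data: bytes) -> int:
    """Return header + content length declared by the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE (tag 0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4:
        raise ValueError("indefinite or implausible length encoding")
    if len(data) < 2 + n:
        raise ValueError("blob ends inside the length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Classify a blob as 'complete', 'truncated', 'trailing-data' or 'not-der'."""
    try:
        declared = der_total_length(data)
    except ValueError:
        return "not-der"
    if len(data) < declared:
        return "truncated"
    if len(data) > declared:
        return "trailing-data"
    return "complete"

def make_sequence(content: bytes) -> bytes:
    """Constructed sample input: wrap content in a DER SEQUENCE header."""
    n = len(content)
    if n < 0x80:
        return bytes([0x30, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([0x30, 0x80 | size]) + n.to_bytes(size, "big") + content

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # path to a DER file, e.g. file.der
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:                                 # constructed: 1587-byte blob cut at 259
        blob = make_sequence(bytes(1583))[:259]
    print(len(blob), "bytes:", classify(blob))
```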