Re: Poldi example usage of gpg-connect-agent fails

2017-09-08 Thread Peter Lebbing
On 06/09/17 11:30, Franck Routier (perso) wrote:
> My problem is that the command  gpg-connect-agent "/datafile myfile"
> "SCD READKEY --advanced OPENPGP.3" /bye returns an error:
> 
> ERR 100663414 Identifiant incorrect 

Hmmm, it works for me on Debian stretch/stable, with the system-provided 
GnuPG 2.1.18.

If I am lazy and don't uppercase the slot identifier, I get a comparable 
result:

$ gpg-connect-agent "/datafile /home/peter/bla.key" "SCD READKEY --advanced openpgp.3" /bye
ERR 100663414 Invalid ID 

If I try it on a card which only has S and E keys, no A key, the result 
is something else:

$ gpg-connect-agent "/datafile /home/peter/bla.key" "SCD READKEY --advanced OPENPGP.3" /bye
ERR 100663305 No public key 


Which version of GnuPG are you using? It does not appear that the
functionality no longer works in newer versions, since 2.1.18 is pretty
recent.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
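
The French and English error texts in this thread carry the same number, because the number is a libgpg-error value and only its text follows the locale. The shell script below is an added example, not code from either poster or from GnuPG: it splits that value into its source and code fields and checks the case of the slot identifier. The function names and hint wording are made up here, and accepting OPENPGP.1 and OPENPGP.2 alongside the thread's OPENPGP.3 is an assumption about the card's other key slots.

```shell
#!/bin/sh
# Added example: decode the number in a gpg-connect-agent "ERR <n> <text>" line.
# The text is localized; the number is not, so decode the number.

# decode_err LINE -> "source=<name> code=<n> <symbol>: <hint>"
decode_err() {
    case $1 in "ERR "*) ;; *) echo "not an ERR line"; return 1 ;; esac
    num=${1#ERR }; num=${num%% *}            # keep only the numeric field
    case $num in ''|*[!0-9]*) echo "no numeric error value"; return 1 ;; esac
    src=$(( ($num >> 24) & 127 ))            # bits 24-30: reporting component
    code=$(( $num & 65535 ))                 # low 16 bits: error code
    case $src in
        4) sname=GPG_ERR_SOURCE_GPGAGENT ;;
        5) sname=GPG_ERR_SOURCE_PINENTRY ;;
        6) sname=GPG_ERR_SOURCE_SCD ;;
        *) sname="source-$src" ;;
    esac
    # Only the two codes seen in the thread are annotated (hint wording is ours).
    case $code in
        118) sym=GPG_ERR_INV_ID;    hint="key reference rejected, check its case" ;;
        9)   sym=GPG_ERR_NO_PUBKEY; hint="no key in the requested card slot" ;;
        *)   sym=unannotated;       hint="not covered by this example" ;;
    esac
    echo "source=$sname code=$code $sym: $hint"
}

# check_keyref REF -> verdict on the READKEY argument before it is sent.
# OPENPGP.1 and OPENPGP.2 are assumed here; the thread itself only uses .3.
check_keyref() {
    case $1 in
        OPENPGP.[123]) echo "ok" ;;
        [Oo][Pp][Ee][Nn][Pp][Gg][Pp].[123]) echo "use upper case: OPENPGP.${1##*.}" ;;
        *) echo "unexpected key reference"; return 1 ;;
    esac
}

# Constructed input: the three ERR lines quoted in the thread.
for line in "ERR 100663414 Identifiant incorrect " \
            "ERR 100663414 Invalid ID " \
            "ERR 100663305 No public key "; do
    decode_err "$line"
done
check_keyref openpgp.3
```

Where libgpg-error's `gpg-error` tool is installed, running it on the same number gives the split for any code, not only the two annotated here.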


Re: Poldi example usage of gpg-connect-agent fails

2017-09-08 Thread Franck Routier (perso)

Hi, and thank you for your help,


On 07/09/2017 at 08:06, Alexander Paetzelt | Nitrokey wrote:

> I got this working some weeks ago for testing purposes. I did what's
> written here
>
> https://www.nitrokey.com/documentation/applications#p:nitrokey-pro:linux:computer-login
>
> Why do you think, poldi-ctrl is not there for 0.4? I used 0.4.1 and had
> it (on ArchLinux though). You may have to use root rights to use
> poldi-ctrl?

In fact poldi-ctrl is not included in the Debian/Ubuntu package.

The NEWS file in /usr/share/doc/libpam-poldi even states, at the very 
beginning:


"Changes since version 0.4.1:

* poldi-ctrl is removed
  Please use gpg-connect-agent instead."

That said, I could compile poldi-ctrl from source to get the config file 
I needed.

The steps I followed are:
$ git clone https://github.com/chrisboyle/poldi.git
$ sudo apt install libgpg-error-dev
$ sudo apt install libpam0g-dev
$ sudo apt install libgcrypt20-dev
$ ./configure;make

then poldi-ctrl is in poldi/src/ctrl/poldi-ctrl

I had to stop the running scdaemon to get it working, and poldi-ctrl -k 
finally gave me the right incantations.


So I now have it running. Now, the Debian packager, and even the upstream
doc writer seem to think I should use gpg-agent...


So, does anyone have an idea about why this fails:

$ gpg-connect-agent "/datafile myfile" "SCD READKEY --advanced OPENPGP.3" /bye


ERR 100663414 Identifiant incorrect 

Regards,
Franck



> Kind regards
> Alex
>
> On 09/06/2017 11:30 AM, Franck Routier (perso) wrote:
>> Hi,
>>
>> I am trying to get into smartcard usage, and would want to allow
>> Authentication on my system with an OpenPGP Card (FSFE Fellowship
>> smartcard).
>>
>> As I understand it (I might be wrong), the right pam module is Poldi.
>>
>> According to the Texinfo page (info poldi), current version is 0.4,
>> and lacks the previous poldi-ctrl utility, so I have to create some
>> config file manually.
>>
>> Specifically, here is the example that is given:
>>
>> First, the system administrator has to associate the user moritz with
>> the card's serial number:
>>
>>   $ echo "D27600012401010100010655 moritz" >> /etc/poldi/localdb/users
>>
>> Second, the system administrator needs to write the card's key into a
>> card-specific key file.  Therefore he inserts Moritz' smartcard and
>> executes:
>>
>>   $ gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D27600012401010100010655" "SCD READKEY --advanced OPENPGP.3" /bye
>>
>> My problem is that the command  gpg-connect-agent "/datafile myfile"
>> "SCD READKEY --advanced OPENPGP.3" /bye returns an error:
>>
>> ERR 100663414 Identifiant incorrect
>>
>> Can anyone help me on this? (or is there a better way to authenticate
>> using an OpenPGP smartcard?) (or is it just a bad idea?)
>>
>> Thanks in advance
>>
>> Franck

