Re: Unable to sign or decrypt with card

2017-09-15 Thread NIIBE Yutaka
Philip Jackson  wrote:
> I created the scdaemon.conf file as you suggested and then ran a decrypt
> test :

Thank you.

> Perhaps there is something you can see which explains the problem ?

As far as I can see, it looks like it is not a problem of scdaemon, but a card
failure.

Here is the decrypt operation started:

> 2017-09-15 00:30:20 scdaemon[8306] DBG: send apdu: c=00 i=2A p1=80 p2=86 lc=257 le=2048 em=1

Since it's a long command, it is divided into two blocks, (1) and (2).

This is the first block (1):

> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver: PC_to_RDR_XfrBlock:
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   dwLength ..: 258
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSlot .: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSeq ..: 29
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bBWI ..: 0x04
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   wLevelParameter ...: 0x
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   [0010]  00 20 FE 00 2A 80
^
The first block has "more"-bit --

Then, this is the reply asking for the next block:

> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver: RDR_to_PC_DataBlock:
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   dwLength ..: 4
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSlot .: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSeq ..: 29
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bStatus ...: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   [0010]  00 90 00 90

This is the next block (2):

> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver: PC_to_RDR_XfrBlock:
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   dwLength ..: 16
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSlot .: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSeq ..: 30
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bBWI ..: 0x04
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   wLevelParameter ...: 0x
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   [0010]  00 40 0C FD E0 81
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   [0016]  35 DD 4C B4 CA 38 6E 08 00 54

This block is final with no "more" bit.

The expected behavior is that the card reader returns the text after decryption
by the card.  But the card reader returns only three bytes, where more than four
bytes are expected at least.

> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver: RDR_to_PC_DataBlock:
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   dwLength ..: 3
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSlot .: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bSeq ..: 30
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   bStatus ...: 0
> 2017-09-15 00:30:20 scdaemon[8306] DBG: ccid-driver:   [0010]  00 00 00

So, it is interpreted as a lower-level communication error.

> 2017-09-15 00:30:20 scdaemon[8306] ccid_transceive failed: (0x1000d)
> 2017-09-15 00:30:20 scdaemon[8306] apdu_send_simple(0) failed: aborted

Sending APDU, the command is somehow aborted.

> 2017-09-15 00:30:20 scdaemon[8306] operation decipher result: Operation cancelled
> 2017-09-15 00:30:20 scdaemon[8306] app_decipher failed: Operation cancelled
> 2017-09-15 00:30:20 scdaemon[8306] DBG: chan_5 -> ERR 100663395 Operation cancelled 
> 2017-09-15 00:30:20 scdaemon[8306] DBG: chan_5 <- CAN
> 2017-09-15 00:30:20 scdaemon[8306] DBG: chan_5 -> ERR 100663571 Unknown IPC command 

This part is a little buggy, though.  The error code of GPG_ERR_CANCEL
is not that appropriate, I suppose.  Because of the erroneous
GPG_ERR_CANCEL, gpg-agent wrongly sends the "CAN" (cancel) command to
scdaemon, which is unknown by scdaemon at this stage.  I'll fix this
part.


I don't know the reason why the card error occurs.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
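
The T=1 framing that the analysis above reads out of the ccid-driver log can be checked mechanically. This added example (not part of the original message and not GnuPG's own code) parses the block bytes quoted from the log and shows why the three-byte reply is rejected; it assumes the card uses the default one-byte LRC, and the names `parse_t1_block` and `describe` are illustrative.

```python
from dataclasses import dataclass
from typing import Optional

# A T=1 block is NAD, PCB, LEN, INF[LEN], then the check byte(s).
# Assumption: the card uses the default one-byte LRC (XOR of all preceding bytes).
T1_MIN_BLOCK = 4


class T1Error(ValueError):
    """The bytes cannot be a well-formed T=1 block."""


@dataclass
class T1Block:
    kind: str            # "I" (data), "R" (acknowledge) or "S" (supervisory)
    seq: Optional[int]   # N(S) for I-blocks, N(R) for R-blocks
    more: bool           # chaining bit: another I-block follows
    inf: bytes           # information field (APDU fragment for I-blocks)


def parse_t1_block(raw: bytes) -> T1Block:
    if len(raw) < T1_MIN_BLOCK:
        raise T1Error(f"short block: {len(raw)} bytes, minimum is {T1_MIN_BLOCK}")
    pcb, length = raw[1], raw[2]
    if len(raw) != 3 + length + 1:
        raise T1Error(f"LEN={length} does not match block size {len(raw)}")
    lrc = 0
    for byte in raw[:-1]:
        lrc ^= byte
    if lrc != raw[-1]:
        raise T1Error(f"LRC mismatch: computed {lrc:02X}, got {raw[-1]:02X}")
    inf = raw[3:-1]
    if (pcb & 0x80) == 0:                    # 0xxxxxxx: I-block
        return T1Block("I", (pcb >> 6) & 1, bool(pcb & 0x20), inf)
    if (pcb & 0xC0) == 0x80:                 # 10xxxxxx: R-block
        return T1Block("R", (pcb >> 4) & 1, False, inf)
    return T1Block("S", None, False, inf)    # 11xxxxxx: S-block


def describe(hex_bytes: str) -> str:
    """Classify the data bytes of one XfrBlock/DataBlock log entry."""
    try:
        blk = parse_t1_block(bytes.fromhex(hex_bytes))
    except T1Error as exc:
        return f"invalid: {exc}"
    if blk.kind == "I":
        tail = "more follows" if blk.more else "final"
        return f"I-block N(S)={blk.seq} {tail}, {len(blk.inf)} INF bytes"
    if blk.kind == "R":
        return f"R-block N(R)={blk.seq}"
    return "S-block"


if __name__ == "__main__":
    # Data bytes copied from the ccid-driver log lines quoted in the message above.
    for label, data in [
        ("reply to block (1)", "00 90 00 90"),
        ("block (2)", "00 40 0C FD E0 81 35 DD 4C B4 CA 38 6E 08 00 54"),
        ("reply to block (2)", "00 00 00"),
    ]:
        print(f"{label}: {describe(data)}")
```

The last two INF bytes of block (2), `08 00`, are the extended Le field matching `le=2048` in the `send apdu` line.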


Re: Unable to sign or decrypt with card

2017-09-15 Thread martin
On 14/09/17 23:53, Philip Jackson wrote:
> Card status seems to be ok :
> 
> gpg --card-status
> Application ID ...: D2760001240102052870
> Version ..: 2.0
> Manufacturer .: ZeitControl
> Serial number : 2870
> Name of cardholder: Philip Jackson
> Language prefs ...: en
> Sex ..: male
> URL of public key : [not set]
> Login data ...: [not set]
> Private DO 1 .: [not set]
> Private DO 2 .: [not set]
> Signature PIN : forced
> Key attributes ...: 0R 0R 0R
> Max. PIN lengths .: 32 32 32
> PIN retry counter : 3 0 3
> Signature counter : 406
> Signature key : 60FF 4A45 7DD4 C4E2 CCAB  D98D 5154 49A8 9A99 D8BD
>   created : 2014-10-28 23:13:28
> Encryption key: C04C 016C 3460 2B42 CDBB  2566 79D4 67BF F5DF 6C91
>   created : 2014-10-28 23:18:24
> Authentication key: [none]
> gpg: using subkey 0x515449A89A99D8BD instead of primary key 0x26BD500A23543A63
> General key info..: pub  2048R/0x515449A89A99D8BD 2014-10-28 Philip Jackson (Jan 2013 +)
> sec   2048R/0x26BD500A23543A63  created: 2013-01-22  expires: never
> ssb   2048R/0x2ACB19812A3EC90F  created: 2013-01-22  expires: never
> ssb>  2048R/0x515449A89A99D8BD  created: 2014-10-28  expires: never
>   card-no: 0005 2870
> ssb>  2048R/0x79D467BFF5DF6C91  created: 2014-10-28  expires: never
>   card-no: 0005 2870

Hi Philip,

A few weeks ago I experienced a very similar problem to what you
describe. I was not able to sign any of my mail with my smart card and I
was unable to decrypt files.

Output of my gpg --card-status showed the same:
Key attributes ...: 0R 0R 0R
...
sec   rsa4096/0x7BDDCD7C31F200DC  created: 2015-11-24  expires:..

I have the exact same card reader at home and when running the status
command I would get:

Key attributes ...: rsa4096 rsa4096 rsa4096
...
sec>  rsa4096/0x7BDDCD7C31F200DC  created: 2015-11-24  expires: 2017-11-23
  card-no: 0005 426B

So I just re-checked my card reader at work. As I use the Gemalto PC
Twin Reader it turned out that the connection between the USB cable and
the card reader was slightly loose. Afterwards I was able to use my card
as before.

I would suggest (if you haven't tried that already) trying a different
machine and/or different reader combos to see if the problem is not a
trivial faulty reader.

Regards,
Martin


Re: Unable to sign or decrypt with card

2017-09-15 Thread Philip Jackson
On 14/09/17 07:26, NIIBE Yutaka wrote:
> Philip Jackson  wrote:
>> I have the log file which I attach.
>>
>> It shows  a number of reports of the same error  (lines 89,91,97,99,101)
>> ERR 83886254 Unknown option , before it asks me for the pin
>> (line 111). It says 'confidential data not shown' three times but I only
>> entered the pin once.
>>
>> Can you determine anything from this ?
> 
> Not much.  It fails just after sending a command to the card.  It seems
> that there is some communication problem between host and card reader.
> 
> How does 'gpg --card-status' work?
Card status seems to be ok :

gpg --card-status
Application ID ...: D2760001240102052870
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 2870
Name of cardholder: Philip Jackson
Language prefs ...: en
Sex ..: male
URL of public key : [not set]
Login data ...: [not set]
Private DO 1 .: [not set]
Private DO 2 .: [not set]
Signature PIN : forced
Key attributes ...: 0R 0R 0R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 406
Signature key : 60FF 4A45 7DD4 C4E2 CCAB  D98D 5154 49A8 9A99 D8BD
  created : 2014-10-28 23:13:28
Encryption key: C04C 016C 3460 2B42 CDBB  2566 79D4 67BF F5DF 6C91
  created : 2014-10-28 23:18:24
Authentication key: [none]
gpg: using subkey 0x515449A89A99D8BD instead of primary key 0x26BD500A23543A63
General key info..: pub  2048R/0x515449A89A99D8BD 2014-10-28 Philip Jackson (Jan 2013 +)
sec   2048R/0x26BD500A23543A63  created: 2013-01-22  expires: never
ssb   2048R/0x2ACB19812A3EC90F  created: 2013-01-22  expires: never
ssb>  2048R/0x515449A89A99D8BD  created: 2014-10-28  expires: never
  card-no: 0005 2870
ssb>  2048R/0x79D467BFF5DF6C91  created: 2014-10-28  expires: never
  card-no: 0005 2870


> 
> You can try to debug scdaemon by having .gnupg/scdaemon.conf:
> 
> =
> debug-level guru
> debug-all
> verbose
> debug-ccid-driver
> log-file /run/user/1000/scd.log
> =

I created the scdaemon.conf file as you suggested and then ran a decrypt
test :

gpg2 -v -o encrypt_test_decrypt -d encrypt_test.gpg

This failed just as previously stated in the earlier post. The debug log
covering the period of this test is attached: scd_decrypterror.log

I see on line 377 the request for the PIN and on line 471 that the
operation failed.

Perhaps there is something you can see which explains the problem ?

Thanks for your help.

Philip

2017-09-15 00:30:14 scdaemon[8306] listening on socket '/home/pnj/.gnupg/S.scdaemon'
2017-09-15 00:30:14 scdaemon[8306] handler for fd -1 started
2017-09-15 00:30:14 scdaemon[8306] DBG: enter: apdu_open_reader: portstr=(null)
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: using CCID reader 0 (ID=04E6:5410:X:0)
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: idVendor: 04E6  idProduct: 5410  bcdDevice: 0304
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: ChipCard Interface Descriptor:
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bLength54
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bDescriptorType33
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bcdCCID  1.10  (Warning: Only accurate for version 1.0)
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   nMaxSlotIndex   0
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bVoltageSupport 7  ?
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwProtocols 3  T=0 T=1
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwDefaultClock   4800
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwMaxiumumClock  8000
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bNumClockSupported  0
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwDataRate  12903 bps
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwMaxDataRate  412903 bps
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   bNumDataRatesSupp.  0
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwMaxIFSD 252
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwSyncProtocols   
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwMechanical  
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver:   dwFeatures   000101BA
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: Auto configuration based on ATR (assumes auto voltage)
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: Auto voltage selection
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: Auto clock change
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: Auto baud rate change
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: Auto PPS made by CCID
2017-09-15 00:30:14 scdaemon[8306] DBG: ccid-driver: CCID can set ICC in clock stop mode
2017-09-15 00:30:14 scdaemon[8306] DBG: cci

Re: Unable to sign or decrypt with card

2017-09-13 Thread NIIBE Yutaka
Philip Jackson  wrote:
> I have the log file which I attach.
>
> It shows  a number of reports of the same error  (lines 89,91,97,99,101)
> ERR 83886254 Unknown option , before it asks me for the pin
> (line 111). It says 'confidential data not shown' three times but I only
> entered the pin once.
>
> Can you determine anything from this ?

Not much.  It fails just after sending a command to the card.  It seems
that there is some communication problem between host and card reader.

How does 'gpg --card-status' work?

You can try to debug scdaemon by having .gnupg/scdaemon.conf:

=
debug-level guru
debug-all
verbose
debug-ccid-driver
log-file /run/user/1000/scd.log
=

Here is what we can see in your log.

> 2017-09-11 18:10:21 gpg-agent[8972] gpg-agent (GnuPG) 2.1.11 started
[...]

gpg-agent started.

> 2017-09-11 18:10:22 gpg-agent[8972] no running SCdaemon - starting it
[...]

And then, scdaemon started after PKDECRYPT command from gpg to gpg-agent.

> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> SERIALNO
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- S SERIALNO D2760001240102052870 0
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK
[...]

Card works fine to answer its serial number.

> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> PKDECRYPT OPENPGP.2
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- INQUIRE NEEDPIN ||Please enter the PIN
> 2017-09-11 18:10:22 gpg-agent[8972] starting a new PIN Entry
[...]

gpg-agent asks PKDECRYPT command to scdaemon, and scdaemon inquires PIN
for the authentication.

> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETDESC Please enter the PIN
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETPROMPT PIN
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
> 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> [[Confidential data not shown]]
> 2017-09-11 18:10:23 gpg-agent[8972] SIGUSR2 received - updating card event counter
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not shown]]
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not shown]]
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 -> BYE
[...]

This is the interaction between pinentry and gpg-agent.

SIGUSR2 (it means: a card is found) comes from scdaemon to gpg-agent,
because scdaemon periodically checks if card is inserted.

> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> END
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663395 Operation cancelled 
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> CAN
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663571 Unknown IPC command 
> 2017-09-11 18:10:30 gpg-agent[8972] smartcard decryption failed: Operation cancelled
> 2017-09-11 18:10:30 gpg-agent[8972] command 'PKDECRYPT' failed: Operation cancelled 
> 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_6 -> ERR 100663395 Operation cancelled 
[...]

gpg-agent sends the PIN to scdaemon (until "END"), and I think that
scdaemon sends the command to the card through the card reader.  But it fails.

There are two ways to access the card reader for GnuPG.  One is through
PC/SC, and the other is the internal CCID driver of GnuPG.  If it doesn't work
well with PC/SC, it's worth trying the internal CCID driver (or vice versa).
-- 



Re: Unable to sign or decrypt with card

2017-09-11 Thread Philip Jackson
On 10/09/17 16:52, Werner Koch wrote:
> On Sat,  9 Sep 2017 14:54, philip.jack...@nordnet.fr said:
> 
>> Suggestions as to how to check and correct this situation would be
>> appreciated.
> 
> Newer versions of gpg should print a better error message; at least with
> -v.  I guess that your pinentry is not installed or can't be used.

I don't think the pinentry is a problem. When I launch the command to
decrypt a document, the pinentry dialog box opens, I enter the pin and
click ok and the operation promptly fails.

> Do you have the option "pinentry-program" in your gpg-agent.conf ?  Then
> check that it is really there.

I looked in gpg-agent.conf and found that I had commented out the
pinentry-program line back around March 2015 when I was trying to move
from gpg 2.0.22 to 2.0.26 and I was getting two pinentry dialog boxes
when trying to decrypt emails in enigmail. Commenting out the line in
gpg-agent.conf solved this problem at the time and the file has remained
like this ever since.

However, just to check, I uncommented it (and pinentry-gtk-2 is
installed on the machine) :

pinentry-program /usr/bin/pinentry-gtk-2

and tried again to decrypt the document.  The only difference was that
this time the pinentry dialog box carried the name of 'pinentry-gtk-2'
instead of being anonymous. But the operation failed just the same.

> 
> Is the environment variable GPG_TTY set as described in the manual?

GPG_TTY=/dev/pts/6

Which doesn't mean much to me, I'm afraid.

> Do you get a prompt when calling "pinentry"?  If so, does it show up a
> window after entering "getpin"?

Yes, pinentry gives 'OK Pleased to meet you' and a prompt. Then entering
getpin produces the pinentry box in which I enter the pin and the next
line is
D zz  (where zz is the pin I entered) followed by
OK

> 
> More information about gpg-agent and pinentry interaction can be seen by
> putting
> 
> --8<---cut here---start->8---
> log-file /somewhere/gpg-agent.log
> verbose
> debug ipc
> debug-pinentry
> --8<---cut here---end--->8---
> 
> into gpg-agent.conf and restarting gpg-agent ("pkill gpg-agent" or
> "gpgconf --kill gpg-agent").

OK, I added this to gpg-agent.conf and I now have a log file of a single
attempt to decrypt a sample file with command :

gpg2 -v -o encrypt-decrypt -d encrypt_test.gpg

This produced the pinentry dialog into which I put my pin and the
operation promptly failed with this on the screen :

# off=0 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 79D467BFF5DF6C91
data: [2048 bits]
gpg: public key is 0x79D467BFF5DF6C91
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key 0x26BD500A23543A63
# off=271 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key 0x26BD500A23543A63
gpg: encrypted with 2048-bit RSA key, ID 0x79D467BFF5DF6C91, created 2014-10-28
  "Philip Jackson (Jan 2013 +) "
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

I have the log file which I attach.

It shows  a number of reports of the same error  (lines 89,91,97,99,101)
ERR 83886254 Unknown option , before it asks me for the pin
(line 111). It says 'confidential data not shown' three times but I only
entered the pin once.

Can you determine anything from this ?

Regards,
Philip

2017-09-11 18:10:21 gpg-agent[8971] listening on socket '/home/pnj/.gnupg/S.gpg-agent'
2017-09-11 18:10:21 gpg-agent[8971] listening on socket '/home/pnj/.gnupg/S.gpg-agent.ssh'
2017-09-11 18:10:21 gpg-agent[8972] gpg-agent (GnuPG) 2.1.11 started
2017-09-11 18:10:22 gpg-agent[8972] handler 0x7f4d7704e700 for fd 6 started
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK Pleased to meet you, process 8969
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- RESET
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION ttyname=/dev/pts/2
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION ttytype=xterm
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION display=:0.0
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION xauthority=/home/pnj/.Xauthority
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION putenv=XMODIFIERS=@im=none
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION putenv=GTK_IM_MODULE=xim
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <-

Re: Unable to sign or decrypt with card

2017-09-10 Thread Werner Koch
On Sat,  9 Sep 2017 14:54, philip.jack...@nordnet.fr said:

> Suggestions as to how to check and correct this situation would be
> appreciated.

Newer versions of gpg should print a better error message; at least with
-v.  I guess that your pinentry is not installed or can't be used.

Do you have the option "pinentry-program" in your gpg-agent.conf ?  Then
check that it is really there.

Is the environment variable GPG_TTY set as described in the manual?

Do you get a prompt when calling "pinentry"?  If so, does it show up a
window after entering "getpin"?

More information about gpg-agent and pinentry interaction can be seen by
putting

--8<---cut here---start->8---
log-file /somewhere/gpg-agent.log
verbose
debug ipc
debug-pinentry
--8<---cut here---end--->8---

into gpg-agent.conf and restarting gpg-agent ("pkill gpg-agent" or
"gpgconf --kill gpg-agent").


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Unable to sign or decrypt with card

2017-09-09 Thread Philip Jackson
gpg (GnuPG) 2.1.11  in UbuntuStudio 16.04 LTS
libgcrypt 1.6.5

At the end of April, I made a detached signature of a file that I was
distributing. Today I updated that file and tried to make another
detached signature. The operation failed with a not very informative
error message :
gpg: signing failed: Operation cancelled

I checked the card-status and it seemed normal so I encrypted a test
file and that was ok. The PIN is certainly correct.

Then I tried to decrypt the test file and the operation failed with a
better message :

gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

So it looks like my secret key has vanished from sight and contact of
gpg in the past 4 months although I have changed strictly nothing in my
setup in that period - except regular UbuntuStudio security updates and
I don't recall having seen any gpg stuff go through.

gpg2 -K does list my secret key -

Suggestions as to how to check and correct this situation would be
appreciated.

Philip
