Required patches for the OpenPG card v2.0
Patrick Brunschwig
patrick at mozilla-enigmail.org
Thu Jul 23 08:50:48 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Werner Koch wrote:
> On Sat, 18 Jul 2009 18:36, patrick at mozilla-enigmail.org said:
>
>> have the wrong card inserted (e.g. for decryption), gpg 1.4.9 responds
>> with these status messages:
>>
>> [GNUPG:] ENC_TO 12A7990DF2541241 1 0
>> [GNUPG:] CARDCTRL 3 D2760001240101010001000000460000
>> [GNUPG:] CARDCTRL 1 D2760001240102000005000000700000
>> [GNUPG:] SC_OP_FAILURE
>> [GNUPG:] BEGIN_DECRYPTION
>> [GNUPG:] DECRYPTION_FAILED
>>
>>
>> Version 2.0.12+ only responds with this:
>> [GNUPG:] ENC_TO 12A7990DF2541241 1 0
>> [GNUPG:] BEGIN_DECRYPTION
>> [GNUPG:] DECRYPTION_FAILED
>> [GNUPG:] END_DECRYPTION
>
> You used 1.4.9 without scdaemon support; if you had used it with
> gpg-agent/scdaemon, the output would be similar to:
>
> [GNUPG:] ENC_TO 10B671F6860B1CFE 1 0
> [GNUPG:] CARDCTRL 3
> [GNUPG:] SC_OP_FAILURE
> [GNUPG:] BEGIN_DECRYPTION
> [GNUPG:] DECRYPTION_FAILED
> [GNUPG:] END_DECRYPTION
>
> Thus the CARDCTRL 1 is also missing. I changed gpg2 to emit:
>
> [GNUPG:] ENC_TO 10B671F6860B1CFE 1 0
> [GNUPG:] CARDCTRL 3 D2760001240101010001000003470000
> [GNUPG:] SC_OP_FAILURE
> [GNUPG:] BEGIN_DECRYPTION
> [GNUPG:] DECRYPTION_FAILED
> [GNUPG:] END_DECRYPTION
>
> Which is basically the same. It just adds the s/n of the current card
> to CARDCTRL 3.
>
> The question now is what to do with the cardctrl values used on a
> standalone gpg:
>
> CARDCTRL 1 = Request insertion of a card. Serialnumber may be given
> to request a specific card.
> CARDCTRL 2 = Request removal of a card.
>
> With scdaemon handling all access to the cards, including the PIN
> question, it would make sense to have scdaemon ask for inserting the
> right card as well. To allow for a bit of unattended operation this
> needs to be suppressed if --batch is given to gpg. Do you see any
> problem with such an approach?
I think that would be a good approach.
- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
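
Added example, not part of the original message and not GnuPG or Enigmail code: a sketch of how a front end reading gpg's status output could tell apart the outputs quoted in this thread. The helper names `parse_status` and `classify` and the verdict strings are hypothetical; the CARDCTRL meanings used are only those stated in the message.

```python
PREFIX = "[GNUPG:] "

# Status output copied from the thread: gpg 1.4.9 without scdaemon,
# then gpg2 2.0.12, both run with the wrong card inserted.
GPG_1_4_9 = """\
[GNUPG:] ENC_TO 12A7990DF2541241 1 0
[GNUPG:] CARDCTRL 3 D2760001240101010001000000460000
[GNUPG:] CARDCTRL 1 D2760001240102000005000000700000
[GNUPG:] SC_OP_FAILURE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
"""
GPG_2_0_12 = """\
[GNUPG:] ENC_TO 12A7990DF2541241 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

def parse_status(text):
    """Yield (keyword, args) per status line; other output is skipped."""
    for line in text.splitlines():
        fields = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if fields:
            yield fields[0], fields[1:]

def classify(text):
    """Summarise one decryption attempt (hypothetical front-end helper)."""
    info = {"failed": False, "card_error": False, "current": None, "wanted": None}
    for keyword, args in parse_status(text):
        if keyword == "DECRYPTION_FAILED":
            info["failed"] = True
        elif keyword == "SC_OP_FAILURE":
            info["card_error"] = True
        elif keyword == "CARDCTRL" and args:
            serial = args[1] if len(args) > 1 else None  # s/n may be absent
            if args[0] == "3":    # carries the s/n of the current card
                info["current"] = serial
            elif args[0] == "1":  # request insertion, optionally of one card
                info["wanted"] = serial
    if not info["failed"]:
        info["verdict"] = "ok"
    elif info["card_error"]:
        info["verdict"] = "card problem"
    else:
        info["verdict"] = "failed, cause not reported"
    return info
```

With the 2.0.12 output the front end sees only a generic failure, while the 1.4.9 output yields both the inserted and the requested serial numbers.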