Issues with smart card since update to FC16
Georg C. F. Greve
greve at fsfeurope.org
Fri Dec 23 23:10:07 CET 2011
Hi all,
I've been using the Fellowship smart card for years under Debian and Fedora,
up until updating to Fedora 16.
Ever since, I keep having issues that are, well, odd.
Take the following instructions of pinentry-qt4 upon trying to decrypt an
email in Kontact (screenshot attached). This is the gpg --card-status output
for the very same card:
Application ID ...: D2760001240101010001000003500000
Version ..........: 1.1
Manufacturer .....: PPC Card Systems
Serial number ....: 00000350
Name of cardholder: Georg C.F. Greve
Language prefs ...: ende
Sex ..............: male
URL of public key : http://gnuhh.org/greve-public.asc
Login data .......: greve
Private DO 1 .....: [not set]
Private DO 2 .....: [7] Georg C. F. Greve <greve at fsfe.org>
CA fingerprint 1 .: C485 A6CD 7EC6 6E9E EC33 65F2 70F2 75E4 C32F 6CA5
Signature PIN ....: not forced
Key attributes ...: 1024R 1024R 1024R
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 0 3
Signature counter : 48318
Signature key ....: E2E7 DABF 1B6D 948E A55E 07B4 293D B14C B7DB 041C
      created ....: 2005-05-02 11:35:48
Encryption key....: ECDA 0869 1DCE 2C60 C265 281D F953 D01F 7DF1 6B24
      created ....: 2005-05-02 11:36:44
Authentication key: DF41 4ED5 A2C5 42D7 BF92 67D1 4742 F5AD 5378 AB47
      created ....: 2005-05-02 11:37:16
General key info..: pub 1024R/B7DB041C 2005-05-02 Georg C. F. Greve (Kolab Systems AG, CEO) <greve at kolabsys.com>
sec# 1024D/86574ACA created: 1999-02-20 expires: never
ssb> 1024R/B7DB041C created: 2005-05-02 expires: never
                    card-no: 0001 00000350
ssb> 1024R/7DF16B24 created: 2005-05-02 expires: never
                    card-no: 0001 00000350
ssb> 1024R/5378AB47 created: 2005-05-02 expires: never
                    card-no: 0001 00000350
When trying to decrypt a file on the command line, I get:
gpg: anonymous recipient; trying secret key C3C6A26D ...
gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/faq/why-not-idea.html for more information
gpg: anonymous recipient; trying secret key 7487FC5D ...
gpg: anonymous recipient; trying secret key A1783953 ...
gpg: anonymous recipient; trying secret key B7DB041C ...
gpg: fingerprint on card does not match requested one
gpg: anonymous recipient; trying secret key 7DF16B24 ...
Please enter the PIN
gpg: verify CHV2 failed: invalid passphrase
gpg: anonymous recipient; trying secret key 5378AB47 ...
gpg: fingerprint on card does not match requested one
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with ELG-E key, ID 00000000
gpg: decryption failed: secret key not available
when entering the correct PIN.
Trying to ssh into another machine does not even attempt smart card
authentication, which I guess may have to do with my running the agent without
scdaemon support, via:
--disable-scdaemon --pinentry-program /usr/bin/pinentry-qt4 --enable-ssh-support --daemon --sh --write-env-file=/home/greve/.gpg-agent-info
So I guess the key should be listed in .gnupg/sshcontrol, which it is not.
But then, ssh-add -l, which I guess should add it, tells me:
The agent has no identities.
The environment variables in the session look okay, I guess:
declare -x GPG_AGENT_INFO="/home/greve/.gnupg/S.gpg-agent:1750:1"
declare -x SSH_AGENT_PID="1750"
declare -x SSH_ASKPASS="/usr/libexec/openssh/gnome-ssh-askpass"
declare -x SSH_AUTH_SOCK="/home/greve/.gnupg/S.gpg-agent.ssh"
and the pinentry dialogue pops up as expected.
So what's going on? Did something change to which I should have adapted my
setup when upgrading to FC 16? Or is this an issue with the new kernel series?
Or something else?
Pointers appreciated.
Best regards,
Georg
--
Georg C. F. Greve <greve at fsfeurope.org>
Member of the General Assembly
http://fsfe.org/about/greve/
http://blogs.fsfe.org/greve/
http://identi.ca/greve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: agent.png
Type: image/png
Size: 15901 bytes
Desc: not available
URL: </pipermail/attachments/20111223/ac4d342c/attachment-0001.png>