Unable to sign or decrypt with card

Philip Jackson philip.jackson at nordnet.fr
Fri Sep 15 00:53:23 CEST 2017 

On 14/09/17 07:26, NIIBE Yutaka wrote:
> Philip Jackson <philip.jackson at nordnet.fr> wrote:
>> I have the log file which I attach.
>>
>> It shows  a number of reports of the same error  (lines 89,91,97,99,101)
>> ERR 83886254 Unknown option <PINentry>, before it asks me for the pin
>> (line 111). It says 'confidential data not shown' three times but I only
>> entered the pin once.
>>
>> Can you determine anything from this ?
> 
> Not much.  It fails just after sending a command to the card.  It seems
> that there is some communication problem between host and card reader.
> 
> How 'gpg --card-status' works?
Card status seems to be ok :

gpg --card-status
Application ID ...: D2760001240102000005000028700000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00002870
Name of cardholder: Philip Jackson
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 0R 0R 0R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 406
Signature key ....: 60FF 4A45 7DD4 C4E2 CCAB  D98D 5154 49A8 9A99 D8BD
      created ....: 2014-10-28 23:13:28
Encryption key....: C04C 016C 3460 2B42 CDBB  2566 79D4 67BF F5DF 6C91
      created ....: 2014-10-28 23:18:24
Authentication key: [none]
gpg: using subkey 0x515449A89A99D8BD instead of primary key
0x26BD500A23543A63
General key info..: pub  2048R/0x515449A89A99D8BD 2014-10-28 Philip
Jackson (Jan 2013 +) <philip.jackson at nordnet.fr>
sec   2048R/0x26BD500A23543A63  created: 2013-01-22  expires: never
ssb   2048R/0x2ACB19812A3EC90F  created: 2013-01-22  expires: never
ssb>  2048R/0x515449A89A99D8BD  created: 2014-10-28  expires: never
                      card-no: 0005 00002870
ssb>  2048R/0x79D467BFF5DF6C91  created: 2014-10-28  expires: never
                      card-no: 0005 00002870


> 
> You can try to debug scdaemon by having .gnupg/scdaemon.conf:
> 
> =============================
> debug-level guru
> debug-all
> verbose
> debug-ccid-driver
> log-file /run/user/1000/scd.log
> =============================

I created the scdaemon.conf file as you suggested and then ran a decrypt
test :

gpg2 -v -o encrypt_test_decrypt -d encrypt_test.gpg

this failed just as previously stated in the earlier post. The debug log
covering the period of this test is attached : scd_decrypterror.log

I see on line 377 the request for the PIN and on line 471 that the
operation failed.

Perhaps there is something you can see which explains the problem ?

Thanks for your help.

Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scd_decrypterror.log
Type: text/x-log
Size: 50096 bytes
Desc: not available
URL: </pipermail/attachments/20170915/5da750b5/attachment-0001.bin>

More information about the Gnupg-users mailing list