gpg-agent only checks for smartcard not for local keys
Horst Skatmus
Horst at skat-foundation.de
Sat Nov 2 12:20:07 CET 2019
I have installed GnuPG Windows on a Windows 10 machine and I'd like to use
it with Putty as key based ssh authentication together with a smartcard. I
got everything working fine.
The only problem I have is that the gpg-agent always checks for the
smartcard even when keys are not stored on a smartcard.
gpg-connect-agent "keyinfo --list" /bye
S KEYINFO 16F96695784023BBD32BE7D9F8320568156CB76A D - - - P - - -
S KEYINFO 3D3DE2508675ECE9856242056D8A5956E35B056E D - - - P - - -
S KEYINFO C8316A470CEB466B4565C55B7FB8A98BA10BB558 D - - - P - - -
S KEYINFO C9376FD06A963284ADC1EF46861EC611C5D780B7 D - - - P - - -
This shows that all keys are located on the disk (column with the "D") but
the gpg-agent log shows that the agent get a request from putty via the
"Pageant" options and he checks for a SC via the scdaemon.
2019-11-01 19:44:18 gpg-agent[6304] DBG: ssh map file
'PageantRequest00003d68'
2019-11-01 19:44:18 gpg-agent[6304] DBG: ssh map handle 0x00000338
2019-11-01 19:44:18 gpg-agent[6304] DBG: my sid:
'S-1-5-21-2710969852-3158981170-84828875-1001'
2019-11-01 19:44:18 gpg-agent[6304] DBG: ssh map file sid:
'S-1-5-21-2710969852-3158981170-84828875-1001'
2019-11-01 19:44:18 gpg-agent[6304] DBG: ssh IPC buffer at 0x00670000
2019-11-01 19:44:18 gpg-agent[6304] ssh request handler for
request_identities (11) started
2019-11-01 19:44:18 gpg-agent[6304] new connection to SCdaemon established
(reusing)
2019-11-01 19:44:18 gpg-agent[6304] DBG: chan_0x00000314 -> SERIALNO
2019-11-01 19:44:18 gpg-agent[6304] DBG: chan_0x00000314 <- ERR 100696144 No
such device <SCD>
2019-11-01 19:44:18 gpg-agent[6304] ssh request handler for
request_identities (11) ready
2019-11-01 19:44:18 gpg-agent[6304] DBG: chan_0x00000314 -> RESTART
2019-11-01 19:44:18 gpg-agent[6304] DBG: chan_0x00000314 <- OK
I do not understand how the gpg-agent determines where to look for the
private key (disk or smartcard) and where this is configured. I can switch
off the scdaemon via --disable-scdaemon but this has no effect.
When I copy the secret key to the smartcard via keytocard in gpg everything
works fine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191102/95b29a59/attachment.html>
More information about the Gnupg-users
mailing list