Better smartcard support in GnuPG

Kurt Fitzner kfitzner at excelcia.org
Mon Jan 9 15:06:51 CET 2006


While implementing smartcard support in GPGee, I noticed that there are
what I think are a few weak areas in GnuPG's smartcard support:

1) Missing --status-fd messages
I took my well-used key and made a subkey on my smartcard.  I then
deleted my primary secret key so that I only have the subkey's smartcard
stubs on my secret keyring.  I keep my full secret keys offline in a
safe place.

Without that full secret key, I cannot sign other keys.  The error
reported by GnuPG is:
  gpg: secret key parts are not available
  gpg: signing failed: general error

The problem is, GnuPG has no --status-fd message for the above error.
This means that GPGME doesn't pick up on this error.  A GPGME client
application will think that a signing operation was a success.

2) Confusing --status-fd messages
When a smartcard PIN is wrong, the only --status-fd message returned is:
[GNUPG:] SC_OP_FAILURE

This means that a GPGME client application can't tell the user that the
PIN was wrong - all it can say is the operation failed.

I would suggest that a BAD_PASSPHRASE status message be issued with the
serial number of the card:
[GNUPG:] BAD_PASSPHRASE D27600012401010100010000052C0000

3) Request PIN even when card is missing/wrong card
I would suggest that if there is no smartcard in the reader, then GnuPG
should still go ahead and request the PIN.  This will give applications
the opportunity to prompt the user for the correct card in their
passphrase dialogs: "Insert card #blahblah and then enter the PIN" This
will eliminate the need for card detection and simplify front end
support greatly.  The current status messages for missing (CARDCTL 5) or
wrong (CARDCTL 3+1) could still be retained so that missing/wrong cards
can be detected.  If the "GET_LINE cardctrl.change_card.okay" command-fd
line is eliminated with this change, it shouldn't break any existing
applications.  In fact, this might actually make some existing
applications more card friendly.

	Kurt.
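
Added example, not part of the original post and not GnuPG or GPGME code: a front end can fail closed on the --status-fd stream described in items 1 and 2 by reporting success only when a positive status line is present and the exit code is zero. The function names, the outcome labels, the sample streams and the choice of SIG_CREATED as the success keyword are assumptions; the BAD_PASSPHRASE line with a card serial number is the post's proposal, not existing GnuPG output.

```python
STATUS_PREFIX = "[GNUPG:] "

# Constructed sample streams (not captured from a real gpg run).
NO_STATUS = ""                              # item 1: error appears on stderr only
CARD_FAIL = "[GNUPG:] SC_OP_FAILURE\n"      # item 2: what the post reports today
PROPOSED = ("[GNUPG:] SC_OP_FAILURE\n"      # item 2 plus the proposed status line
            "[GNUPG:] BAD_PASSPHRASE D27600012401010100010000052C0000\n")
SIGNED = "[GNUPG:] SIG_CREATED D 17 2 00 1136815611 " + "0" * 40 + "\n"


def parse_status(text):
    """Return (keyword, args) for every status line; ignore everything else."""
    events = []
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events


def classify(status_text, exit_code, success_keyword="SIG_CREATED"):
    """Fail closed: absence of an error status is never treated as success."""
    events = parse_status(status_text)
    keywords = [keyword for keyword, _ in events]
    # Most specific failure first: the proposed line names the card serial.
    for keyword, args in events:
        if keyword == "BAD_PASSPHRASE":
            return ("bad_pin", args[0] if args else None)
    # Generic card failure: the client cannot tell a wrong PIN from other errors.
    if "SC_OP_FAILURE" in keywords:
        return ("card_op_failed", None)
    # Item 1: no status line at all, so the exit code is the only signal.
    if exit_code != 0:
        return ("failed_without_status", None)
    # Clean exit but no positive confirmation: do not report success.
    if success_keyword not in keywords:
        return ("unconfirmed", None)
    return ("ok", None)


if __name__ == "__main__":
    for name, stream, code in [("no status", NO_STATUS, 2),
                               ("card failure", CARD_FAIL, 2),
                               ("proposed", PROPOSED, 2),
                               ("signed", SIGNED, 0)]:
        print(name, classify(stream, code))
```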
