OpenPGP card - adding subkeys on PC keyring generates encrypted "pass-free" files

dany_list at natzo.com dany_list at natzo.com
Sun Jan 9 00:50:58 CET 2005 

Hello,

I got my OpenPGP card and played around for a while. It worked well 
except for one case which produces a weird behavior :

Conditions :
Win2K + GPG 1.4.0, Towitoko micro 130 USB smartcard reader, OpenPGP card 
from g10code.de

I couldn't use the on-card key generation (it looks like a PC/SC 
problem) so I generated the primary signing key (RSA 1024) as well an 
encryption subkey (RSA 1024) on my PC. Then I used the keytocard command 
twice to move those two keys to the card.
Now --edit-key gives me :
----------------------------------
sec  1024R/04B4BC74  created: 2005-01-08  expires: never          
                     card-no: 0001 00000123
ssb  1024R/6E62C723  created: 2005-01-08  expires: never          
                     card-no: 0001 00000123
----------------------------------

So using this configuration I can easily encrypt and decrypt stuff.

--------------------------------------
C:\GnuPG>gpg -e -r 0x6E62C723 test.txt        test.txt contains the 
string "test me now"

C:\GnuPG>gpg -d test.txt.gpg
gpg: detected reader `SCM Microsystems Inc. CHIPDRIVE USB SmartCardReader 0'
gpg: DBG: asking for PIN 'PIN'

PIN
gpg: encrypted with 1024-bit RSA key, ID 6E62C723, created 2005-01-08
      "Card Tester <card at tester.com>"
test me now
--------------------------------------

If I don't insert the card and try to decrypt I get :

------------------------------------------
C:\GnuPG>gpg -d test.txt.gpg
gpg: detected reader `SCM Microsystems Inc. CHIPDRIVE USB SmartCardReader 0'
gpg: pcsc_connect failed: removed card (0x80100069)
gpg: card reader not available
gpg: encrypted with 1024-bit RSA key, ID 6E62C723, created 2005-01-08
      "Card Tester <card at tester.com>"
gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available
---------------------------------------------

For your information, --list-packets reports :

------------------------------------------------
C:\GnuPG>gpg --list-packets < test.txt.gpg
:pubkey enc packet: version 3, algo 1, keyid 3FC9C8B76E62C723
        data: [1023 bits]
gpg: detected reader `SCM Microsystems Inc. CHIPDRIVE USB SmartCardReader 0'
gpg: pcsc_connect failed: removed card (0x80100069)
gpg: card reader not available
:encrypted data packet:
        length: 78
        mdc_method: 2
gpg: encrypted with 1024-bit RSA key, ID 6E62C723, created 2005-01-08
      "Card Tester <card at tester.com>"
gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available
-----------------------------------------------

So now, if I just add one subkey (encrypt, RSA 1024) to my keyring 
(without transferring anything to the card)
----------------------------------
sec  1024R/04B4BC74  created: 2005-01-08  expires: never          
                     card-no: 0001 00000123
ssb  1024R/6E62C723  created: 2005-01-08  expires: never          
                     card-no: 0001 00000123
ssb  1024R/B8910295  created: 2005-01-08  expires: never          
(1)  Card Tester <card at tester.com>
--------------------------------------
and encrypt the same file using the same previous recipient (the RSA 
encrypt key from the card)

--------------------------------------------
C:\GnuPG>gpg -e -r 0x6E62C723 test.txt

=====>> This is where the fun comes up, you can get the clear text 
without entering any pin or passphrase !

-------------------------------------------------
C:\GnuPG>gpg -d test.txt.gpg
gpg: encrypted with 1024-bit RSA key, ID B8910295, created 2005-01-08
      "Card Tester <card at tester.com>"
test me now                                        
---------------------------------------------------

As you can see the message has been encrypted with the latest RSA key 
added (off-card) even if I explicitly selected the other one (0xB8910295 
instead of 0x6E62C723)

For information, the list-packets give :

----------------------------------------------------
C:\GnuPG>gpg --list-packets < test.txt.gpg
:pubkey enc packet: version 3, algo 1, keyid 00756FAAB8910295
        data: [1024 bits]
:encrypted data packet:
        length: 78
        mdc_method: 2
gpg: encrypted with 1024-bit RSA key, ID B8910295, created 2005-01-08
      "Card Tester <card at tester.com>"
:compressed packet: algo=2
:literal data packet:
        mode b (62), created 1105224996, name="test.txt",
        raw data: 13 bytes
--------------------------------------------------------

I tried the same thing without using any smartcard (1 primary RSA (sign) 
and 2 subkeys (RSA encrypt)) and it asked me for the passphrase.

Am I missing something here regarding the way a new subkey is added with 
a primary signing key on the OpenPGP card ?
Why didn't gnupg use the keyid I specified ?

It was very disturbing as I was sending encrypted test messages to 
myself and was surprised to discover that I could decrypt them without 
having the card inserted (or entering any passphrase).

Sorry for this long (first) post. I hope someone will help me 
understanding this phenomena. I'm trying to write a quick tutorial on 
how to use easily those cards with GnuPG and also Enigmail for 
Thunderbird so proper warnings should be issued to explain the limitations.

Thanks
Dany

More information about the Gnupg-devel mailing list