[rant] using a hardware token with GnuPG

Martin Paljak martin at martinpaljak.net
Mon Aug 15 15:00:18 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

I have a CryptoStick v1.2 and up to date Debian sid (amd64). I'm having
some hard time trying to set Enigmail to work, in fact, getting GnuPG to
work with a smart card at all. Make no mistakes, this is a rant. But
from a user who is not an absolute beginner (meaning it is porobably
even more confusing for newcomer average Ubuntu users) nor with eye
patches, meaning I'm trying to be realistic and practical when it comes
to matters of software, security or smart cards in that matter.

This is what I have installed:
GnuPG 2:
$ gpg2 --version
gpg (GnuPG) 2.0.17
libgcrypt 1.4.6
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

GnuPG 1:

$ gpg --version
gpg (GnuPG) 1.4.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


My setup looks as foolows: a keybaord with a smart card reader and a
smart card reader + fingerprint scanner which are always connected. And
one CryptoStick, which most of the time is supposed to sit in my pocket.
Every now and then I have other smart card readers (could be as many as
tens of readers) connected as well, for example a proper pinpad reader
for when I use my eID for legally binding signatures. If I could change
my keybaord against a plain keyboard then keep in mind that many modern
laptop computers come with a built-in smart card reder. Which is always
present. So the list is often dynamic in real life.

$ opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 No HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00
1 No ACS ACR 38U-CCID 01 00
2 Yes German Privacy Foundation Crypto Stick v1.2 02 00


I already had the CryptoStick set up with a self-compiled GnuPG 2.0.18
to make use of 4096 keys (how is outside of the scope of this e-mail), I
re-installed from Debian packages after initializing the token.

This is how the token looks like:
$ gpg2 --card-status
scdaemon[7191]: PC/SC RESET failed: no smartcard (0x8010000c)
scdaemon[7191]: apdu_send_simple(0) failed: no card
scdaemon[7191]: can't select application `openpgp': Card not present
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
scdaemon[7191]: updating slot 0 status: 0x0000->0x0004 (0->1)
$ scdaemon[7191]: scdaemon (GnuPG) 2.0.17 stopped

Interesting, I have the token inserted alright, how come the card is not
present? (read and learn about scdaemon and --reader-port option). So I
know that I should adjust a configuration file every time the
configuration of my pluggable USB devices changes. Fine, luckily I have
opensc-tool installed to check my connected readers at the moment.

$ echo 'reader-port "German Privacy Foundation Crypto Stick v1.2 02 00"'
> ~/.gnupg/scdaemon.conf
$ cat ~/.gnupg/scdaemon.conf
reader-port "German Privacy Foundation Crypto Stick v1.2 02 00"

A new try:

$ gpg2 --card-status
scdaemon[6870]: PC/SC OPEN failed: sharing violation
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error
$ scdaemon[6870]: scdaemon (GnuPG) 2.0.17 stopped

Something changed, a different error!
Whoops, I have a browser (Chrome) running (like many people do), which
could theoretically make use of the X509 certificate on the token
through a PKCS#11 driver. I have not yet found a piece of software that
would allow to write the actual certificate to the card. But OpenSC
PKCS#11 can make use of the keys on the tokend, for example for SSH
authentication with OpenSSH (which would mean killing all open SSH
sessions making use of the token as well). OpenSC tries to be friendly
and actually is not blocking other software from accessing the card when
it is not actually doing crypto with the card:

$ opensc-tool -lv
# Detected readers (pcsc)
Nr. Card Features Name
0 No HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00
1 No ACS ACR 38U-CCID 01 00
2 Yes German Privacy Foundation Crypto Stick v1.2 02 00
3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
CryptoStick v1.2 (OpenPGP v2.0) [IN USE]

Nevertheless, I'll go on and kill all my browser windows for the duratin
of writing rest of the e-mail.
Again a new try:
$ gpg2 --card-status
Application ID ...: D2760001240102000005000005460000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00000546
Name of cardholder: Martin Paljak
Language prefs ...: et
Sex ..............: male
URL of public key : http://martinpaljak.net/pgp.asc
Login data .......: martin
Signature PIN ....: forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 39
Signature key ....: B444 E75C 6A7D 4C77 20ED D06C 7482 655E 307E 3452
created ....: 2011-08-10 13:12:43
Encryption key....: 475A 3D34 681B 7498 81BC E02E 9140 D7C7 0121 2BA2
created ....: 2011-08-10 13:12:43
Authentication key: 12D5 7AA0 F048 7484 8BA6 D902 1798 DE28 20D9 1C31
created ....: 2011-08-10 13:12:43
General key info..: pub 4096R/307E3452 2011-08-10 Martin Paljak
<martin at martinpaljak.net>
sec> 4096R/307E3452 created: 2011-08-10 expires: never
card-no: 0005 00000546
ssb> 4096R/20D91C31 created: 2011-08-10 expires: 2016-08-08
card-no: 0005 00000546
ssb> 4096R/01212BA2 created: 2011-08-10 expires: 2014-08-11
card-no: 0005 00000546

Okay. Much better. I seem to have a recognized smart card with nice and
shiny 4096 bit RSA keys in hardware. Security++.


So I'd like to use the device to send encrypted and signed e-mails to
peple using GnuPG. I downloaded Thunderbird 5 + Enigmail 1.2.1 (the one
from the website, not through addons browser inside Thunderbird, which
still offers only 1.2 which is apparently buggy) for that purpose.

I configure Enigmail to use /usr/bin/gpg2 as I think I should want to
use the newer and better GnuPG 2. I was for a while also under the
impression that I *need* to use GnuPG 2 because I have these huge keys.

Sending signed messages fails though:

Send operation aborted.
Error - encryption command failed
gpg command line and output:
/usr/bin/gpg2
gpg: signing failed: No pinentry
gpg: [stdin]: clearsign failed: No pinentry


For a while lets forget Enigmail. I was able to set it up so that I
could actually send signed messages, but I forgot how it happened, was I
using gpg2 or gpg1 or with what exact settings. But it worked with some
tweaking and wrapping binaries with proper environment. I'll fall back
to checking my setup on the terminal.

So I think I have my keys nicely present and usable for GnuPG:
$ gpg2 --list-keys martin at martinpaljak.net
pub 4096R/307E3452 2011-08-10
uid Martin Paljak <martin at martinpaljak.net>
uid Martin Paljak <martin.paljak at gmail.com>
uid Martin Paljak <martin.paljak at eesti.ee>
uid [jpeg image of size 8681]
sub 4096R/20D91C31 2011-08-10 [expires: 2016-08-08]
sub 4096R/01212BA2 2011-08-10 [expires: 2014-08-11]

$ gpg2 --list-secret-keys martin at martinpaljak.net
sec> 4096R/307E3452 2011-08-10
Card serial no. = 0005 00000546
uid Martin Paljak <martin at martinpaljak.net>
uid Martin Paljak <martin.paljak at gmail.com>
uid Martin Paljak <martin.paljak at eesti.ee>
uid [jpeg image of size 8681]
ssb> 4096R/20D91C31 2011-08-10 [expires: 2016-08-08]
ssb> 4096R/01212BA2 2011-08-10 [expires: 2014-08-11]

Lets go and sign some data:
$ gpg2 --clearsign
Hello, World!
Hello, World!
scdaemon[8431]: signatures created so far: 41
scdaemon[8431]: DBG: asking for PIN '||Please enter the PIN%0A[sigs
done: 41]'

(pinentry:8442): GLib-GObject-CRITICAL **: Object class GtkSecureEntry
doesn't implement property 'editing-canceled' from interface
'GtkCellEditable'
scdaemon[8431]: updating slot 0 status: 0x0000->0x0007 (0->1)
$ scdaemon[8431]: scdaemon (GnuPG) 2.0.17 stopped

If you omit the Gtk garbage, I get a nice PIN entry window, enter my PIN
and voila, get a signature.

Lets try encryption:
$ echo "test" | gpg2 -ear martin at martinpaljak.net | gpg2 -d
gpg: encrypted with 4096-bit RSA key, ID 01212BA2, created 2011-08-10
"Martin Paljak <martin at martinpaljak.net>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
scdaemon[8465]: updating slot 0 status: 0x0000->0x0007 (0->1)
$ scdaemon[8465]: scdaemon (GnuPG) 2.0.17 stopped

Decryption failed - why? I have the mentioned key nicely visible through
gpg2 ?
Maybe gpg-agent is necessary for this to work. Lets try:
$ eval `gpg-agent --sh --daemon`
$ echo $GPG_AGENT_INFO
/tmp/gpg-7kOvKr/S.gpg-agent:8850:1
$ echo "test" | gpg2 -ear martin at martinpaljak.net | gpg2 -d
gpg: encrypted with 4096-bit RSA key, ID 01212BA2, created 2011-08-10
"Martin Paljak <martin at martinpaljak.net>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

No. Still no luck.
(go to IRC, learn that trying gpg1 might give a different result.
Consecutively learn that maybe I might not need gpg2 at all)

So lets try with gpg1. First, verify that keys are visible:


$ gpg --list-keys martin at martinpaljak.net
pub 4096R/307E3452 2011-08-10
uid Martin Paljak <martin at martinpaljak.net>
uid Martin Paljak <martin.paljak at gmail.com>
uid Martin Paljak <martin.paljak at eesti.ee>
uid [jpeg image of size 8681]
sub 4096R/20D91C31 2011-08-10 [expires: 2016-08-08]
sub 4096R/01212BA2 2011-08-10 [expires: 2014-08-11]

$ gpg --list-secret-keys martin at martinpaljak.net
sec> 4096R/307E3452 2011-08-10
Card serial no. = 0005 00000546
uid Martin Paljak <martin at martinpaljak.net>
uid Martin Paljak <martin.paljak at gmail.com>
uid Martin Paljak <martin.paljak at eesti.ee>
uid [jpeg image of size 8681]
ssb> 4096R/20D91C31 2011-08-10 [expires: 2016-08-08]
ssb> 4096R/01212BA2 2011-08-10 [expires: 2014-08-11]

Yes, available. Lets try decrypting with gpg1 (but continue the failsafe
encryption operation with gpg2 just for fun)
$ echo "test" | gpg2 -ear martin at martinpaljak.net | gpg -d
gpg: detected reader `HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00'
gpg: detected reader `ACS ACR 38U-CCID 01 00'
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 02 00'
gpg: apdu_send_simple(0) failed: no card
Please insert the card and hit return or enter 'c' to cancel:

Again, no card. (learn that gpg1 and gpg2 work entirely differently when
it comes to accessing smart cards and the --reader-port option to gpg1)

Lets try again:
$ echo "test" | gpg2 -ear martin at martinpaljak.net | gpg -d --reader-port
"German Privacy Foundation Crypto Stick v1.2 02 00"
gpg: detected reader `HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00'
gpg: detected reader `ACS ACR 38U-CCID 01 00'
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 02 00'
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: apdu_send_simple(0) failed: locking failed
Please insert the card and hit return or enter 'c' to cancel:

A "sharing violation" error. It turns out that the gpg-agent started
before grabs exclusive access for the reader and is the source of
conflict with gpg1 (even though I have "card-timeout 1" in
~/.gnupg/scdaemon.conf):
$ pstree | grep scdaemon
|-gpg-agent---scdaemon

$ opensc-tool -lv
# Detected readers (pcsc)
Nr. Card Features Name
0 No HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00
1 No ACS ACR 38U-CCID 01 00
2 Yes German Privacy Foundation Crypto Stick v1.2 02 00
3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
[EXCLUSIVE]

OK, clean up:
$ killall gpg-agent
$ unset GPG_AGENT_INFO

And try again:
$ echo "test" | gpg2 -ear martin at martinpaljak.net | gpg -d --reader-port
"German Privacy Foundation Crypto Stick v1.2 02 00"
gpg: detected reader `HP USB Smart Card Keyboard [CCID Interface]
(0817563f) 00 00'
gpg: detected reader `ACS ACR 38U-CCID 01 00'
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 02 00'

Please enter the PIN
gpg: encrypted with 4096-bit RSA key, ID 01212BA2, created 2011-08-10
"Martin Paljak <martin at martinpaljak.net>"
test


FINALLY! I successfully decrypted with GnuPG, with the key on my smart
card! I only lost the nice graphical PIN entry box, instead the PIN code
was asked on the terminal.

So lets take this knowledge to Enigmail and don't override the default
used gpg with gpg2, maybe this way I can use Enigmail as well.

The first try with a clean stup failed, giving the current reader name
in expert options under advanced section finally worked (as you can see,
the e-mail *is* signed, with the right key). I made a small wrapper that
locates the CryptoStick form connected readers to make my life easier,
but I guess this is not a thing for everyone.


So a few questions:

* Is the differences between GnuPG 1 and GnuPG 2 described somewhere,
in the scope of smart card access?
* What should I use then, gpg1 or gpg2? At least generation of keys
required GnuPG 2.0.18 to get the 4096 bit keys.
* Am I lazy, stupid or just unlucky, that the process of getting this
to work was a quite tough experience?
* How to debug the problem with gpg2? How exactly does the interaction
to smart cards happens with GnuPG2? Is the agent *necessary* (I have no
passwords or PIN codes that should be cached, just the hardware token)
* If I was to go and try fix the code to get rid of some of the
annoying bugs regarding handling smart card readers and smart cards, how
should I proceed (like locating the "most appropriate" card reader
automatically)? Should I work with gpg2 or gpg1?
* Does the OpenPGP card (the one sold by g10code.com) also support 4096
bit keys or is the CryptoStick the only device?

I really hope the situation could be cured, so that the solution would
be without eye patches and as standard as possible. Meaning reasonable
sharing of hardware resources though PC/SC between different
applications. Once the actual X509 certificate support for OpenPGP v2.0
cards would be in OpenSC, I would not want to even speculate what kind
of interoperability problems would arise from trying to use a browser
and Enigmail at the same time...

Cheers,
Martin






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJOSRhcAAoJEHSCZV4wfjRShp0P/0OME4Sm7UEQ1tKf4IdwaDJx
ytIG93QLe+p9XX41RdDe8npc356zC3xCTFt+0MciuIrSjDzwKp0ZScCVbpj/XwWP
SNaVGFTmSGLc7xr5y5xtF+X6LwL4HHAfnj7tkmIBM52MJvl2BN0dz53XQR628gIJ
d4zAaO++/Bh/I5lA5qNcqKaWX1Osw9HMrgRanOx6b7G/jElmxStO+7hzAkiDDBrA
7h1ndePa8F97Pe4k9oimF1gYdNSV3SLqkjuR3W1drnceq1MDk1+DIe3/TmbLABW8
bq3WyeFnsnyUQsVlA8dqsWTzD1A2VTnp39HZd7vKepG04diGGi197rGls8TkXjFq
UmgEne5YJehJLD8VEzhHXcN6Z+ZTwLUKonHC74erzTarF0ChtDRQnmHYqkoZ31Te
rttKmMVNRuPGSbsDWz5SvBTYorNdFG26Gc1zYEnjbb++AO5vzcs00MwQs1luXKxq
LK+rGSfPbrT5f6XJ9siTZtQi97vfs/EthohRez9ksB3qyhrqLjAQVVOEMAz05ZPJ
QpvzpiUCP9dMg0HdM7r4YkfFi5anGkQd3HjZ9qTGcggTem5wftnYEESKNi5a1GKA
Vg43IHnEYFjM831ZufNAF5Kqam2kgWrIrCQNWdWF4pR4jV2h9WLnIi7tIEIi/vyh
9zoWFG5NAoQPaTXH/E2P
=iBej
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list