SCD: no keys detected after key import / key generation

NIIBE Yutaka gniibe at
Wed Dec 12 07:03:24 CET 2012


While testing Gnuk extensively, I found that GnuPG doesn't detect keys
after key import (or key generation).  We need to remove and re-insert
the Gnuk Token (or kill and start scdaemon again).

For gpg --card-status, GnuPG keeps saying:

    Signature key ....: [none]
    Encryption key....: [none]
    Authentication key: [none]
    General key info..: [none]

although the Gnuk Token has keys.  Even if a user does "gpg-connect-agent
learn /bye", GnuPG doesn't detect keys.

I think that this is because of the data handling of KEY-FPR and KEY-TIME
in the OpenPGPcard specification.  The data access is kind of
asymmetric.  When reading, it's accessed as an array of three data items,
but when writing, it is accessed individually.  Note that it is not
a composite data object.

My theory is that something like the following fixes this issue.  After
testing, I will commit this change both of master and

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 141b2b7..98af5e8 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -688,9 +688,9 @@ store_fpr (app_t app, int keynumber, u32 timestamp,
   xfree (buffer);
   tag = (card_version > 0x0007? 0xC7 : 0xC6) + keynumber;
-  flush_cache_item (app, tag);
+  flush_cache_item (app, 0xC5);
   tag2 = 0xCE + keynumber;
-  flush_cache_item (app, tag2);
+  flush_cache_item (app, 0xCD);
   rc = iso7816_put_data (app->slot, 0, tag, fpr, 20);
   if (rc)
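
Review bot: The new `flush_cache_item (app, 0xC5);` and `flush_cache_item (app, 0xCD);` calls use bare literals directly after `tag` and `tag2` are computed, so a later reader is likely to take them for a mistake and change them back. Please add a comment at this point saying that the cache is keyed by the tags used for reading (the KEY-FPR and KEY-TIME arrays), while the `iso7816_put_data` call below writes through the per-key `tag`, and consider named constants for the two array tags instead of 0xC5 and 0xCD.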

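
The read/write asymmetry described in the message above, as an added toy model in C (not code from the post or from GnuPG). The names `flush_item`, `read_fprs`, `store_fpr_model` and `stale_after_write` are hypothetical, the write tag 0xC7 + keynumber assumes the newer-card branch shown in the hunk, and only the fingerprint object is modelled.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not scdaemon code: the simulated card holds three 20-byte
   fingerprints, read as one array under tag 0xC5 and written one at a
   time under tag 0xC7 + keynumber (keynumber 0..2). */
static unsigned char card_fprs[3][20];  /* state on the simulated card */
static unsigned char cache_c5[60];      /* host cache, keyed by the read tag */
static int cache_c5_valid;

/* Drop a cache entry; only the tag used for reading ever has one. */
static void flush_item (int tag)
{
  if (tag == 0xC5)
    cache_c5_valid = 0;
}

/* Cached read of the whole fingerprint array (tag 0xC5). */
static const unsigned char *read_fprs (void)
{
  if (!cache_c5_valid) {
    memcpy (cache_c5, card_fprs, sizeof cache_c5);
    cache_c5_valid = 1;
  }
  return cache_c5;
}

/* Write one fingerprint, flushing the cache under FLUSH_TAG first. */
static void store_fpr_model (int keynumber, const unsigned char *fpr,
                             int flush_tag)
{
  flush_item (flush_tag);
  memcpy (card_fprs[keynumber], fpr, 20);
}

/* Return 1 if a read after the write still shows an empty first slot. */
static int stale_after_write (int flush_tag)
{
  unsigned char fpr[20];
  static const unsigned char zero[20];
  memset (card_fprs, 0, sizeof card_fprs);
  cache_c5_valid = 0;
  read_fprs ();                     /* a status query before the import */
  memset (fpr, 0xAB, sizeof fpr);   /* constructed fingerprint value */
  store_fpr_model (0, fpr, flush_tag);
  return memcmp (read_fprs (), zero, 20) == 0;
}

int main (void)
{
  printf ("flush 0xC7: stale=%d\n", stale_after_write (0xC7));
  printf ("flush 0xC5: stale=%d\n", stale_after_write (0xC5));
  return 0;
}
```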