gnupg 1.4 decryption with smartcard for anonymous recipient

NIIBE Yutaka gniibe at fsij.org
Fri May 30 15:21:24 CEST 2014


Hello,

While trying git-remote-gcrypt, I found different behaviors between
gpg1.4 and gpg2.0.

With gpg1.4:
------------------------
gcrypt: Decrypting manifest
gpg: anonymous recipient; trying secret key 4CA7BABE ...
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.18
gpg: anonymous recipient; trying secret key 084239CF ...
gpg: okay, we are the anonymous recipient.
gpg: Signature made Fri May 30 15:59:25 2014 JST using RSA key ID 4CA7BABE
gpg: Good signature from "NIIBE Yutaka <gniibe at fsij.org>"
gpg:                 aka "NIIBE Yutaka <gniibe at debian.org>"
gcrypt: Failed to decrypt manifest!
------------------------
It fails because the exit code is 2.


With gpg2.0:
------------------------
gcrypt: Decrypting manifest
gpg: anonymous recipient; trying secret key 4CA7BABE ...
gpg: anonymous recipient; trying secret key 084239CF ...
gpg: okay, we are the anonymous recipient.
gpg: Signature made Fri May 30 15:59:25 2014 JST using RSA key ID 4CA7BABE
gpg: Good signature from "NIIBE Yutaka <gniibe at fsij.org>"
gpg:                 aka "NIIBE Yutaka <gniibe at debian.org>"
------------------------
It succeeds.


4CA7BABE is a primary key and 084239CF is a decryption subkey,
and both are on smartcard.

SCD PKDECRYPT results in ERR for a primary key, but it should not
count as an error, because it happens during the trial decryption.

Looking at 2.0, here is a possible fix for 1.4.  It works for me (with
git-remote-gcrypt).


diff --git a/g10/cardglue.c b/g10/cardglue.c
index 809b315..60dc6b6 100644
--- a/g10/cardglue.c
+++ b/g10/cardglue.c
@@ -1406,10 +1406,8 @@ agent_scd_pkdecrypt (const char *serialno,
           init_membuf (&data, 1024);
           snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
           line[DIM(line)-1] = 0;
-          rc = test_transact (assuan_transact (app->assuan_ctx, line,
-                                               membuf_data_cb, &data,
-                                               NULL, NULL, NULL, NULL),
-                              "SCD PKDECRYPT");
+          rc = assuan_transact (app->assuan_ctx, line, membuf_data_cb, &data,
+                                NULL, NULL, NULL, NULL);
           if (rc)
             xfree (get_membuf (&data, &len));
           else
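Review bot: Dropping the test_transact wrapper around the SCD PKDECRYPT call in agent_scd_pkdecrypt removes the failure report for every caller of this function, not only for the anonymous-recipient trial path that motivated the change. A genuine card failure while decrypting for a named recipient would then leave no "SCD PKDECRYPT" diagnostic at all. Consider keeping the report at verbose or debug level, or letting the caller decide whether to report, so that only trial decryption is quiet. Also worth confirming that the code consuming rc after `if (rc)` handles the raw assuan_transact return value the same way as the value that test_transact used to hand back, and adding a short comment here saying why this one call is left unwrapped.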
-- 