gnupg 1.4 decryption with smartcard for anonymous recipient
NIIBE Yutaka
gniibe at fsij.org
Fri May 30 15:21:24 CEST 2014
Hello,
While trying git-remote-gcrypt, I found different behaviors between
gpg1.4 and gpg2.0.
With gpg1.4:
------------------------
gcrypt: Decrypting manifest
gpg: anonymous recipient; trying secret key 4CA7BABE ...
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.18
gpg: anonymous recipient; trying secret key 084239CF ...
gpg: okay, we are the anonymous recipient.
gpg: Signature made Fri May 30 15:59:25 2014 JST using RSA key ID 4CA7BABE
gpg: Good signature from "NIIBE Yutaka <gniibe at fsij.org>"
gpg: aka "NIIBE Yutaka <gniibe at debian.org>"
gcrypt: Failed to decrypt manifest!
------------------------
It fails because the exit code is 2.
With gpg2.0:
------------------------
gcrypt: Decrypting manifest
gpg: anonymous recipient; trying secret key 4CA7BABE ...
gpg: anonymous recipient; trying secret key 084239CF ...
gpg: okay, we are the anonymous recipient.
gpg: Signature made Fri May 30 15:59:25 2014 JST using RSA key ID 4CA7BABE
gpg: Good signature from "NIIBE Yutaka <gniibe at fsij.org>"
gpg: aka "NIIBE Yutaka <gniibe at debian.org>"
------------------------
It succeeds.
4CA7BABE is a primary key and 084239CF is a decryption subkey,
and both are on smartcard.
SCD PKDECRYPT results in ERR for a primary key, but it should not
count as an error, because it happens during the trial decryption.
Looking at 2.0, here is a possible fix for 1.4. It works for me (with
git-remote-gcrypt).
diff --git a/g10/cardglue.c b/g10/cardglue.c
index 809b315..60dc6b6 100644
--- a/g10/cardglue.c
+++ b/g10/cardglue.c
@@ -1406,10 +1406,8 @@ agent_scd_pkdecrypt (const char *serialno,
init_membuf (&data, 1024);
snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
line[DIM(line)-1] = 0;
- rc = test_transact (assuan_transact (app->assuan_ctx, line,
- membuf_data_cb, &data,
- NULL, NULL, NULL, NULL),
- "SCD PKDECRYPT");
+ rc = assuan_transact (app->assuan_ctx, line, membuf_data_cb, &data,
+ NULL, NULL, NULL, NULL);
if (rc)
xfree (get_membuf (&data, &len));
else
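Review bot: In agent_scd_pkdecrypt, removing the test_transact wrapper around the "SCD PKDECRYPT" call affects every caller, not only trial decryption for an anonymous recipient, so a genuine card failure when decrypting for a named recipient would lose whatever reporting or handling the wrapper provided. Consider keeping the wrapper and letting the caller ignore or downgrade the failure while it is still trying candidate keys, or add a comment at the `rc = assuan_transact (...)` line explaining why this command bypasses test_transact and confirming that the `if (rc)` path and its callers behave the same with the unwrapped return value.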