Patches gpg-agent + scute for ssl/tls auth using opengpg card with 2048 rsa key

Oliver Winker oliverml1 at
Fri Sep 12 21:07:48 CEST 2014

Hi Werner,

Just made a test using a scute-1.4.0 with your patch applied and an unpatched 
gnupg2-2.0.26, but it didn't work:

 A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested 
function could not be performed. Trying the same operation again might 

Also still tried then with my patched gnupg2-2.0.26, but same result. Probably 
it fails somewhere inside scute. 

Unfortunately probably I'll won't have so much time during this weekend, but I 
could try to trace it during next week. Last time I used the SCUTE_DEBUG 
facility and via stracing iceweasel, gpg-agent and scdaemon one could get 
already some view on the messaging.

Best Regards, Oliver

On Friday 12 September 2014 15:50:17 Werner Koch wrote:
> On Sun, 31 Aug 2014 12:04, oliverml1 at said:
> > I prefer to leave the tuning of the details to the specialists ;).
> Well, I coded something up but did not test it.  Can you please apply
> the attached patch to Scute and try it?  No need for any GnuPG patches.
> Salam-Shalom,
>    Werner
> >From a797aae1476601cdde7152174c02c5cc4447bcc5 Mon Sep 17 00:00:00 2001
> From: Werner Koch <wk at>
> Date: Fri, 12 Sep 2014 15:46:41 +0200
> Subject: [PATCH] Allow signing with other algorithms than MD5+SHA1.
> * src/support.h (STR, STR2): NEw.
> * src/agent.c (sha1_prefix, sha224_prefix, sha256_prefix)
> (sha384_prefix, sha512_prefix): New.
> (scute_agent_sign): Increase MAX_DATA_LEN to 64.  Determine hash
> algorithm by checking the ASN.1 prefixes.
> ---

More information about the Gnupg-devel mailing list