scd bug: specifying 'e length' for RSA key-attr unsupported

Trevor Bentley trevor at yubico.com
Fri Jun 29 13:33:01 CEST 2018 

Hi everyone,

I'm trying to use GPG with smartcards, and ran across what appears to be 
a bug in scdaemon when using both RSA and ECC keys.

Specifically, the KEY-ATTR command does not accept 'e bit length' as an 
argument.  scdaemon simply re-uses whichever value the card defaults to 
if you change the RSA  key length... but the real bug here is that when 
switching back to RSA from an EC algorithm, scdaemon hardcodes the 'e 
bit length' to 32.

This is in scd/app-openpgp.c:change_rsa_keyattr(), line 3254 (GnuPG 2.2.8).

This is problematic for smartcards that don't support an 'e length' of 
32.  The attribute change is rejected because of the unsupported value, 
and the card is effectively stuck with an EC curve unless completely 
reset.  Example output of this failing is in the snippet below my signature.

Note that this is a likely case: the OpenPGP on Smart Card spec (v3.3.1) 
specifies 65537 (bit length 17) as the only value required to be 
supported, and as the default to use if none is specified.  The protocol 
does not support specifying 'none', so GPG does have to specify 
something when changing the algorithm.

It is also a limitation for cards that support multiple 'e' lengths, in 
that there is no way to change it from the default.  That is more of a 
missing feature than a bug.  There is a strange edge case of smartcards 
that support both lengths of 17 and 32 bits: you can change from 17 to 
32 by changing the algo from RSA -> ECC -> RSA, and then you are 
permanently switched to a 32-bit e length.

I believe this needs to be fixed in one of two ways:
1) add an 'e length' argument to KEY-ATTR (and possibly a matching UI)
2) use '17' instead of '32' as the hard-coded length, since all cards 
are required to support it

Please let me know if this makes sense, or if I'm mistaken about something.

Thanks,

Trevor

--
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 1 1 rsa2048" /bye
OK
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 1 19 nistp256" /bye
OK
$ gpg-connect-agent "SCD SETATTR KEY-ATTR --force 1 1 rsa2048" /bye
ERR 100663351 Invalid value <SCD>
--

--
scdaemon[56643] DBG: send apdu: c=00 i=DA p1=00 p2=C1 lc=6 le=-1 em=0
scdaemon[56643] DBG:   PCSC_data: 00 DA 00 C1 06 01 08 00 00 11 00
scdaemon[56643] DBG:  response: sw=9000  datalen=0
scdaemon[56643] DBG:     dump:
scdaemon[56643] key attribute changed (key=1)
...
scdaemon[56643] DBG: send apdu: c=00 i=DA p1=00 p2=C1 lc=10 le=-1 em=0
scdaemon[56643] DBG:   PCSC_data: 00 DA 00 C1 0A 13 2B 24 03 03 02 08 01 
01 07
scdaemon[56643] DBG:  response: sw=9000  datalen=0
scdaemon[56643] DBG:     dump:
scdaemon[56643] key attribute changed (key=1)
...
scdaemon[56643] DBG: send apdu: c=00 i=DA p1=00 p2=C1 lc=6 le=-1 em=0
scdaemon[56643] DBG:   PCSC_data: 00 DA 00 C1 06 01 08 00 00 20 00
scdaemon[56643] DBG:  response: sw=6A80  datalen=0
scdaemon[56643] error changing key attribute (key=1)
--

More information about the Gnupg-devel mailing list