pinentry fails for tpm protected key

James Bottomley James.Bottomley at HansenPartnership.com
Thu Dec 30 19:09:23 CET 2021


On Thu, 2021-12-30 at 00:03 -0700, Joshua Rubin via Gnupg-devel wrote:
> > Based on this, my best guess is that whatever is on the other end
> > of libsecret doesn't like binary key grips.  There's no harm in
> > converting them all to ASCII, does this fix your problem?
> 
> That seems to get things set in the 3rd party password cache now.
> However, I'm now receiving this error:
> 
> Dec 29 22:49:53 balerion gpg-agent[3755873]: WARNING:esys:src/tss2-esys/api/Esys_Sign.c:311:Esys_Sign_Finish() Received TPM Error
> Dec 29 22:49:53 balerion gpg-agent[3755873]: ERROR:esys:src/tss2-esys/api/Esys_Sign.c:105:Esys_Sign() Esys Finish ErrorCode (0x000001d5)
> Dec 29 22:49:53 balerion gpg-agent[3755873]: TPM2_Sign failed with 469

I'm afraid I'm not very familiar with the Intel TSS, since my gpg code
always uses the IBM TSS, which gives very verbose error messages, but
this looks like a TPM error.

> Dec 29 22:49:53 balerion gpg-agent[3755873]: tpm:parameter(1):structure is the wrong size

Right, TPM_RC_SIZE, which means the digest is the wrong size or the TPM
doesn't understand the digest algorithm ... what digest are you using?

James
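
The return code in the quoted log can be unpacked by hand, which shows how 0x000001d5 (469 decimal) comes out as TPM_RC_SIZE on parameter 1. This is an added example, not part of the original message and not code from GnuPG or either TSS; the function names are hypothetical, the error table is a subset of the format-one codes in the TPM 2.0 specification (Part 2), and the sample lines are the quoted log lines with the e-mail wrapping undone.

```python
import re

# Format-one error numbers (bits 0-5), subset of the TPM 2.0 spec, Part 2.
FMT1_ERRORS = {
    0x02: "TPM_RC_ATTRIBUTES", 0x03: "TPM_RC_HASH", 0x04: "TPM_RC_VALUE",
    0x07: "TPM_RC_KEY_SIZE", 0x0A: "TPM_RC_TYPE", 0x0B: "TPM_RC_HANDLE",
    0x0E: "TPM_RC_AUTH_FAIL", 0x12: "TPM_RC_SCHEME", 0x15: "TPM_RC_SIZE",
    0x1B: "TPM_RC_SIGNATURE", 0x1C: "TPM_RC_KEY", 0x22: "TPM_RC_BAD_AUTH",
}

def decode_tpm_rc(rc):
    """Split a 32-bit TSS2 return code into layer and TPM error fields."""
    layer = (rc >> 16) & 0xFF          # tpm2-tss: layer 0 means the TPM itself
    code = rc & 0xFFFF
    if layer != 0:                     # raised by the software stack, not the TPM
        return {"layer": layer, "format": None, "code": code}
    if not code & 0x080:               # bit 7 clear: format-zero, no argument info
        return {"layer": 0, "format": 0, "warning": bool(code & 0x800),
                "number": code & 0x7F}
    err = code & 0x3F                  # bits 0-5: error number
    n = (code >> 8) & 0xF              # bits 8-11: which argument was at fault
    if code & 0x040:                   # bit 6 set: a command parameter
        subject, index = "parameter", n
    elif n & 0x8:                      # bit 11 set: an authorization session
        subject, index = "session", n & 0x7
    else:
        subject, index = "handle", n
    return {"layer": 0, "format": 1, "subject": subject, "index": index,
            "name": FMT1_ERRORS.get(err, "unknown(0x%02x)" % err)}

RC_RE = re.compile(r"ErrorCode \((0x[0-9a-fA-F]+)\)|TPM2_\w+ failed with (\d+)")

def codes_from_log(lines):
    """Pull return codes out of the two message shapes seen in the quoted log."""
    found = []
    for line in lines:
        for hexrc, decrc in RC_RE.findall(line):
            found.append(int(hexrc, 16) if hexrc else int(decrc))
    return found

# Lines from the quoted log above, with the e-mail line wrapping undone.
SAMPLE = [
    "gpg-agent[3755873]: ERROR:esys:src/tss2-esys/api/Esys_Sign.c:105:Esys_Sign() Esys Finish ErrorCode (0x000001d5)",
    "gpg-agent[3755873]: TPM2_Sign failed with 469",
]

if __name__ == "__main__":
    for rc in codes_from_log(SAMPLE):
        print(hex(rc), decode_tpm_rc(rc))
```

Both log lines carry the same value, once in hex from the ESYS layer and once in decimal from gpg-agent.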