pinentry fails for tpm protected key
James Bottomley
James.Bottomley at HansenPartnership.com
Thu Dec 30 19:23:20 CET 2021
On Thu, 2021-12-30 at 11:16 -0700, Joshua Rubin via Gnupg-devel wrote:
> > right, TPM_RC_SIZE, which means the digest is the wrong size or the
> > TPM doesn't understand the digest algorithm ... what digest are you
> > using?
>
> Oh, I was messing with that the other day... thanks for the reminder.
> I pretty much gave up in frustration with that effort. Is there any
> way I can check to see what digest is actually being used by a key?
Not short of adding a print of digestlen in the code.
>
> My config has these lines, so I'm certain it's SHA512, but finding a
> way to actually see this info would be immensely useful.
>
> personal-digest-preferences SHA512
Pretty much no laptop TPM will support this, so I'd cut that down to
SHA256 which is guaranteed to be supported by every TPM.
> digest-algo SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 BZIP2 ZLIB ZIP Uncompressed
>
> Any error that suggests that this is the issue would be much more
> helpful than what I found.
>
> Also, is there any way to find out what algos the tpm supports?
It's listed in the algorithm capabilities. With the IBM TSS, that's
tssgetcapability -cap 0|grep ALG_SHA
James
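
Added example (not part of the original message and not GnuPG or IBM TSS code): a small check that compares the digest options in a gpg.conf against the hash algorithms a TPM reports, so a mismatch like the one in this thread shows up before signing fails with TPM_RC_SIZE. The sample config reuses the lines quoted above; the capability text is constructed, and its line layout is an assumption (only the ALG_SHA<n> token is parsed).

```python
import re

# Constructed gpg.conf, using the digest lines quoted in the thread.
SAMPLE_CONF = """\
personal-digest-preferences SHA512
digest-algo SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
"""

# Constructed stand-in for `tssgetcapability -cap 0 | grep ALG_SHA`;
# the exact line layout is an assumption, only the ALG_SHA<n> token is used.
SAMPLE_CAP = """\
TPM_ALG_SHA1
TPM_ALG_SHA256
"""

DIGEST_OPTIONS = {"personal-digest-preferences", "digest-algo",
                  "cert-digest-algo", "default-preference-list"}
HASH_NAME = re.compile(r"SHA(1|224|256|384|512)", re.IGNORECASE)


def tpm_hashes(cap_output):
    """Hash names the TPM listed, e.g. {'SHA1', 'SHA256'}."""
    return {name.upper() for name in re.findall(r"ALG_(SHA\d+)\b", cap_output)}


def digest_settings(conf_text):
    """Map each digest-related option to the hash names it mentions, in order."""
    found = {}
    for line in conf_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        if words[0] in DIGEST_OPTIONS:
            found[words[0]] = [w.upper() for w in words[1:] if HASH_NAME.fullmatch(w)]
    return found


def tpm_conflicts(conf_text, cap_output):
    """Return {option: [configured hashes the TPM did not list]}; empty if none."""
    supported = tpm_hashes(cap_output)
    report = {}
    for option, hashes in digest_settings(conf_text).items():
        missing = [h for h in hashes if h not in supported]
        if missing:
            report[option] = missing
    return report


if __name__ == "__main__":
    for option, missing in tpm_conflicts(SAMPLE_CONF, SAMPLE_CAP).items():
        print(f"{option}: not listed by TPM: {' '.join(missing)}")
```

On a real system, pass the contents of the gpg.conf file and the captured output of the tssgetcapability command in place of the two sample strings.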