trouble with gnu-agent and etoken

rayven rayven at organicengineer.com
Fri Apr 17 16:58:04 CEST 2009


I have been trying to get gpg working with my etoken.  I'm thinking it is
something to do with pinentry or gpg-agent.  Any and all help will be
greatly appreciated.

So far here is where I am:

Let me know which systems you'd like info about and I'll post the version
numbers and such.

I've used the slackbuild scripts for gnupg, openct 0.6.15, opensc 0.11.7,
pinentry 0.7.5

Built from source: gnupg-pkcs11-scd-0.06

I'm not sure I have the card set up properly.  I've initialized it a few times
on my Windows box.  I've added pgp keys to it.

I've used the pkcs-init tool to generate a keypair on it and add a cert.pem
certificate to it.

but....

When I go to gpg2 --card-edit
and run a generate command I get this (after answering the questions):

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: DBG: got status line `KEY-FPR 8FDA0003BA061700DFF01B1C87EC43DF61D323FD'
gpg: DBG: got status line `KEY-CREATED-AT 1239979297'
gpg: DBG: got status line `SERIALNO D2760001240111111111111111111111 0'
gpg: DBG: got status line `KEY-DATA n
0097E205092E2C3ED8574CC33F10A08FC160CB50ADAC83A85E50EB71589CC3FB6311B319E3C7CE3F0A818D642C26D28B7B47483480BCBE88C1AE90907F06B6D6BA9AED5987C03FDE2BB0220A6FA0D9DC2C4ACA03313E7F80D34FA8CB7E3646A2CBE89C58880462D00891504996350D9A17180EAC4AD4332A745D67D28D7629A073'
gpg: DBG: got status line `KEY-DATA e 010001'
gpg: checking created signature failed: Bad signature
gpg: signing failed: Bad signature
gpg: make_keysig_packet failed: Bad signature
Key generation failed: Bad signature

Sometimes I get a pinentry box and I get a different error message (sorry,
couldn't reproduce this one anymore):
Basically it said something about an improperly formatted ICP line.


----------------------------------------------------------------------------------------------------------
Some other debug stuff

root@bertha:~# gpg-connect-agent
> scd learn
S SERIALNO D2760001240111111111111111111111 0
S APPTYPE PKCS11
S KEY-FRIEDNLY 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Alex Pennington on OpenSC
Card
S KEY-FPR 3 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
S KEYPAIRINFO 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
OpenSC\x20Project/PKCS\x2315/2556CE181507/OpenSC\x20Card/45
OK
>
----------------------------------------------------------------------------------------------------------------------
root@bertha:~# pkcs11-tool -t --login
[opensc-pkcs11] reader-pcsc.c:887:pcsc_detect_readers: SCardEstablishContext
failed: 0x8010001d
[opensc-pkcs11] reader-pcsc.c:996:pcsc_detect_readers: returning with: No
readers found
[opensc-pkcs11] reader-pcsc.c:887:pcsc_detect_readers: SCardEstablishContext
failed: 0x8010001d
[opensc-pkcs11] reader-pcsc.c:996:pcsc_detect_readers: returning with: No
readers found
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key)
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-X-509: ERR: verification failed
    RSA-PKCS: ERR: verification failed
    SHA1-RSA-PKCS: ERR: verification failed
    MD5-RSA-PKCS: ERR: verification failed
    RIPEMD160-RSA-PKCS: ERR: verification failed
Verify (currently only for RSA):
  testing key 0 (Private Key)
    RSA-X-509:   ERR: C_Verify() returned CKR_GENERAL_ERROR (0x5)
Key unwrap (RSA)
  testing key 0 (Private Key)  -- can't be used to unwrap, skipping
Decryption (RSA)
  testing key 0 (Private Key)  -- can't be used to decrypt, skipping
Testing card detection
Please press return to continue, x to exit:
Available slots:
Slot 0           Aladdin eToken PRO 64k
  token label:   OpenSC Card
  token manuf:   OpenSC Project
  token model:   PKCS#15
  token flags:   token initialized
  serial num  :  2556CE181507
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)
Slot 8           (empty)
Slot 9           (empty)
Slot 10          (empty)
Slot 11          (empty)
Slot 12          (empty)
Slot 13          (empty)
Slot 14          (empty)
Slot 15          (empty)
Please press return to continue, x to exit:
-----------------------------------------------------------------------------------------------------------------------------------------
# ./.gnupg/gnupg-pkcs11-scd.conf
# Log file.
#log-file log1

# Default is not verbose.
verbose

# Default is no debugging.
debug-all

# Pin cache period in seconds; default is infinite.
#pin-cache 20

# Comma-separated list of available provider names. Then set
# attributes for each provider using the provider-[name]-attribute
# syntax.
providers opensc

# Provider attributes (see below for detailed description)
provider-opensc-library /usr/lib/opensc-pkcs11.so


# Example gnupg-pkcs11-scd.conf file
#providers p1
#provider-p1-library /usr/lib/libetpkcs11.so.3-60.14
#provider-p1-library /usr/lib/libetpkcs11.so
 
emulate-openpgp
openpgp-sign 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
openpgp-encr 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
openpgp-auth 8FDA0003BA061700DFF01B1C87EC43DF61D323FD
--------------------------------------------------------------------------------------------------------------------
#./gnupg/gpg-agent.conf
scdaemon-program /usr/bin/gnupg-pkcs11-scd
pinentry-program /usr/bin/pinentry
--------------------------------------------------------------------------------------------------------------------




-- 
View this message in context: http://www.nabble.com/trouble-with-gnu-agent-and-etoken-tp23099347p23099347.html
Sent from the GnuPG - User mailing list archive at Nabble.com.



