Required patches for the OpenPGP card v2.0
Werner Koch
wk at gnupg.org
Wed Jul 22 16:57:08 CEST 2009
On Sat, 18 Jul 2009 18:36, patrick at mozilla-enigmail.org said:
> have the wrong card inserted (e.g. for decryption), gpg 1.4.9 responds
> with these status messages:
>
> [GNUPG:] ENC_TO 12A7990DF2541241 1 0
> [GNUPG:] CARDCTRL 3 D2760001240101010001000000460000
> [GNUPG:] CARDCTRL 1 D2760001240102000005000000700000
> [GNUPG:] SC_OP_FAILURE
> [GNUPG:] BEGIN_DECRYPTION
> [GNUPG:] DECRYPTION_FAILED
>
>
> Version 2.0.12+ only responds with this:
> [GNUPG:] ENC_TO 12A7990DF2541241 1 0
> [GNUPG:] BEGIN_DECRYPTION
> [GNUPG:] DECRYPTION_FAILED
> [GNUPG:] END_DECRYPTION
You used 1.4.9 without scdaemon support; if you had used it with
gpg-agent/scdaemon, the output would be similar to:
[GNUPG:] ENC_TO 10B671F6860B1CFE 1 0
[GNUPG:] CARDCTRL 3
[GNUPG:] SC_OP_FAILURE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
Thus the CARDCTRL 1 is also missing. I changed gpg2 to emit:
[GNUPG:] ENC_TO 10B671F6860B1CFE 1 0
[GNUPG:] CARDCTRL 3 D2760001240101010001000003470000
[GNUPG:] SC_OP_FAILURE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
Which is basically the same. It just adds the s/n of the current card
to CARDCTRL 3.
The question now is what to do with the cardctrl values used on a
standalone gpg:
CARDCTRL 1 = Request insertion of a card. Serialnumber may be given
to request a specific card.
CARDCTRL 2 = Request removal of a card.
With scdaemon handling all access to the cards, including the PIN
question, it would make sense to have scdaemon ask for inserting the
right card as well. To allow for a bit of unattended operation this
needs to be suppressed if --batch is given to gpg. Do you see any
problem with such an approach?
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
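As an added illustration of the status lines quoted in this message (this is example code written for this thread, not code from GnuPG or Enigmail), the following parser reads gpg --status-fd output and tells a "wrong card inserted" failure apart from a generic decryption failure. It uses the CARDCTRL semantics stated above (1 = request insertion of a card, optionally with a serial number; 3 carries the serial number of the card currently detected) and splits the 16-byte OpenPGP card AID into its version, manufacturer and serial fields. The three sample status transcripts are copied from the thread; the field layout of the AID and the diagnosis labels are this example's own choices.

```python
"""Interpret gpg --status-fd lines around a card-based decryption failure.

Example code for this thread, not part of GnuPG or Enigmail.
Assumptions (not stated by gpg itself): the CARDCTRL sub-codes 1 and 3
mean "insert this card" and "this card is currently detected", and the
AID layout follows the OpenPGP card spec: RID+app D27600012401,
2-byte version, 2-byte manufacturer, 4-byte serial, 2-byte RFU.
"""
import re

# Status transcripts copied from the mailing-list message above.
STATUS_GPG14 = """\
[GNUPG:] ENC_TO 12A7990DF2541241 1 0
[GNUPG:] CARDCTRL 3 D2760001240101010001000000460000
[GNUPG:] CARDCTRL 1 D2760001240102000005000000700000
[GNUPG:] SC_OP_FAILURE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
"""
STATUS_GPG2_OLD = """\
[GNUPG:] ENC_TO 12A7990DF2541241 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
STATUS_GPG2_NEW = """\
[GNUPG:] ENC_TO 10B671F6860B1CFE 1 0
[GNUPG:] CARDCTRL 3 D2760001240101010001000003470000
[GNUPG:] SC_OP_FAILURE
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

CARDCTRL_REQUEST_INSERT = 1   # gpg asks for a (specific) card
CARDCTRL_REQUEST_REMOVE = 2   # gpg asks to remove the card
CARDCTRL_CARD_DETECTED = 3    # serial number of the card currently present

STATUS_RE = re.compile(r"^\[GNUPG:\]\s+(\S+)(?:\s+(.*))?$")


def parse_status(text):
    """Collect the card- and decryption-related facts from status lines."""
    info = {
        "enc_to": [],            # key IDs the message is encrypted to
        "card_detected": None,   # AID of the card gpg saw (CARDCTRL 3)
        "card_requested": None,  # AID gpg asked the user to insert (CARDCTRL 1)
        "sc_op_failure": False,
        "decryption_failed": False,
    }
    for raw in text.splitlines():
        m = STATUS_RE.match(raw.strip())
        if not m:
            continue  # not a status line (e.g. ordinary stderr output)
        keyword, args = m.group(1), (m.group(2) or "").split()
        if keyword == "ENC_TO" and args:
            info["enc_to"].append(args[0])
        elif keyword == "CARDCTRL" and args:
            code = int(args[0])
            serial = args[1] if len(args) > 1 else None
            if code == CARDCTRL_REQUEST_INSERT:
                info["card_requested"] = serial
            elif code == CARDCTRL_CARD_DETECTED:
                info["card_detected"] = serial
        elif keyword == "SC_OP_FAILURE":
            info["sc_op_failure"] = True
        elif keyword == "DECRYPTION_FAILED":
            info["decryption_failed"] = True
    return info


def diagnose(info):
    """Classify a failed decryption; labels are this example's own."""
    if not info["decryption_failed"]:
        return "ok"
    if info["sc_op_failure"]:
        wanted, seen = info["card_requested"], info["card_detected"]
        if wanted and seen and wanted != seen:
            return "wrong-card"       # gpg named both cards (1.4 standalone)
        return "card-op-failed"       # card failed, wanted serial not reported
    return "decryption-failed"        # no card involvement visible


def decode_aid(aid_hex):
    """Split an OpenPGP card AID (32 hex digits) as printed by CARDCTRL."""
    aid = aid_hex.upper()
    if len(aid) != 32 or not aid.startswith("D27600012401"):
        raise ValueError("not an OpenPGP card AID: %r" % aid_hex)
    raw = bytes.fromhex(aid)
    return {
        "version": "%d.%d" % (raw[6], raw[7]),
        "manufacturer": int.from_bytes(raw[8:10], "big"),
        "serial": int.from_bytes(raw[10:14], "big"),
    }


if __name__ == "__main__":
    for name, text in (("gpg 1.4.9", STATUS_GPG14),
                       ("gpg2 old", STATUS_GPG2_OLD),
                       ("gpg2 new", STATUS_GPG2_NEW)):
        info = parse_status(text)
        print(name, diagnose(info), info["card_detected"], info["card_requested"])
```

A front end that wants the "wrong card" verdict from the gpg2 output has to compare the CARDCTRL 3 serial against the card serial it already knows for the decryption subkey (for instance from gpg --card-status), since the new gpg2 output names only the detected card, not the wanted one.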