Is it possible to force decryption with the wrong key type
Michel Messerschmidt
lists at michel-messerschmidt.de
Mon Jun 15 01:19:35 CEST 2009
On Fri, Jun 05, 2009 at 05:33:07PM +0200, Werner Koch wrote:
> On Fri, 5 Jun 2009 14:41, lists at michel-messerschmidt.de said:
>
> > I don't think gpg has a problem identifying and finding the secret key,
> > but it refuses to decrypt a message with a key that had no encryption
> > capability set during key creation.
>
> Your secret key is on a card? Right, then it would not work.

Several experiments later, I still found no solution. Even if I patch
scdaemon to skip the fp check and force verification of CHV1 and CHV2,
the card refuses to decrypt the data:

scdaemon[22828.0] DBG: <- PKDECRYPT D276000124010101000100000A510000/D37D19881B8093EFC6C5C89EFD377E2D96C5988D
2009-06-15 00:54:06 scdaemon[22828] DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=129 le=256 em=0
2009-06-15 00:54:06 scdaemon[22828] DBG: APDU_data: [...]
2009-06-15 00:54:07 scdaemon[22828] DBG: response: sw=6985 datalen=0
2009-06-15 00:54:07 scdaemon[22828] operation decipher result: Conditions of use not satisfied
2009-06-15 00:54:07 scdaemon[22828] card_create_signature failed: Conditions of use not satisfied
scdaemon[22828.0] DBG: -> ERR 100663427 Conditions of use not satisfied <SCD>

If I understand the OpenPGP card specification correctly, there is no
way to select the key to use, but this is up to the card OS.
Therefore I will give up on this.

BTW: The error message "card_create_signature failed" in scd/command.c
is a bit misleading IMHO. I had expected something like "decryption
failed".

Thanks for your help,
Michel
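
Added example, not part of the original post and not GnuPG code: a small Python helper that pairs scdaemon's "send apdu" and "response" debug lines and names the command and the status word, so the log quoted above reads as PSO: DECIPHER answered with 6985. The function name and lookup tables are this example's own and cover only a few OpenPGP card commands and ISO 7816-4 status words.

```python
import re

# (INS, P1, P2) -> command name, from the OpenPGP card command set.
COMMANDS = {
    (0x2A, 0x80, 0x86): "PSO: DECIPHER",
    (0x2A, 0x9E, 0x9A): "PSO: COMPUTE DIGITAL SIGNATURE",
    (0x88, 0x00, 0x00): "INTERNAL AUTHENTICATE",
}
# A few ISO 7816-4 status words seen when a card rejects an operation.
STATUS = {
    0x9000: "success",
    0x6700: "wrong length",
    0x6982: "security status not satisfied",
    0x6983: "authentication method blocked",
    0x6985: "conditions of use not satisfied",
    0x6A80: "incorrect parameters in data field",
    0x6A88: "referenced data not found",
}
SEND = re.compile(r"send apdu: c=(\w+) i=(\w+) p0=(\w+) p1=(\w+)")
RESP = re.compile(r"response: sw=([0-9A-Fa-f]{4})")

def pair_apdus(lines):
    """Return (command, status word, meaning) for each send/response pair."""
    results, pending = [], None
    for line in lines:
        m = SEND.search(line)
        if m:
            # scdaemon prints the ISO P1/P2 bytes as p0/p1; CLA is not needed here.
            _cla, ins, p1, p2 = (int(x, 16) for x in m.groups())
            pending = COMMANDS.get((ins, p1, p2),
                                   f"INS={ins:02X} P1={p1:02X} P2={p2:02X}")
            continue
        m = RESP.search(line)
        if m and pending is not None:
            sw = int(m.group(1), 16)
            results.append((pending, sw, STATUS.get(sw, "unknown status word")))
            pending = None
    return results

# The three APDU debug lines from the post above, copied verbatim.
LOG = """\
2009-06-15 00:54:06 scdaemon[22828] DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=129 le=256 em=0
2009-06-15 00:54:06 scdaemon[22828] DBG: APDU_data: [...]
2009-06-15 00:54:07 scdaemon[22828] DBG: response: sw=6985 datalen=0
"""

if __name__ == "__main__":
    for command, sw, meaning in pair_apdus(LOG.splitlines()):
        print(f"{command}: sw={sw:04X} ({meaning})")
```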