poldi-ctrl error - No public key

Chris Ruff jcruff at gmail.com
Sat Apr 3 21:01:55 CEST 2010


On 04/01/2010 07:33 PM, Chris Ruff wrote:
> On 04/01/2010 03:00 PM, Chris Ruff wrote:
>> I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
>> 'poldi-ctrl -d'.  My openpgp v2.0 smartcard works fine with gnupg and 'gpg
>> --card-status' has no problems.  Any ideas?
> 
>> $ poldi-ctrl -s
>> D2760001240102000005000003740000
> 
>> $ poldi-ctrl -d --debug
>> poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to socket '/tmp/gpg-rtKTrS/S.scdaemon'
>> poldi-ctrl: error: failed to retrieve key from card: No public key
>> poldi-ctrl: error: failed to retrieve key from card: No public key
> 
> 
>> Thanks
> 
> Here's the scdaemon debug output:
> 
> scdaemon[27120.0] DBG: <- GETINFO socket_name
> scdaemon[27120.0] DBG: -> D /tmp/gpg-s3IPzO/S.scdaemon
> scdaemon[27120.0] DBG: -> OK
> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 started
> scdaemon[27120.10] DBG: -> OK GNU Privacy Guard's Smartcard server ready
> scdaemon[27120.0] DBG: <- RESTART
> scdaemon[27120.0] DBG: -> OK
> scdaemon[27120.10] DBG: <- SERIALNO
> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- LEARN --force
> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
> scdaemon[27120.10] DBG: -> S APPTYPE OPENPGP
> scdaemon[27120.10] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0
> scdaemon[27120.10] DBG: -> S DISP-NAME Ruff<<John
> scdaemon[27120.10] DBG: -> S DISP-LANG en
> scdaemon[27120.10] DBG: -> S DISP-SEX 1
> scdaemon[27120.10] DBG: -> S PUBKEY-URL pool.sks-keyservers.net
> scdaemon[27120.10] DBG: -> S LOGIN-DATA techniq
> scdaemon[27120.10] DBG: -> S KEY-FPR 1 65308DA8805C707F36119851D057FC41052A4FAD
> scdaemon[27120.10] DBG: -> S KEY-FPR 2 3A7B53782F1724779F97DD3FB592E49161225DF3
> scdaemon[27120.10] DBG: -> S KEY-FPR 3 1DDC15D1FA25D0C4A72AAC5C862529C0116346E7
> scdaemon[27120.10] DBG: -> S KEY-TIME 1 1264299016
> scdaemon[27120.10] DBG: -> S KEY-TIME 2 1270162182
> scdaemon[27120.10] DBG: -> S KEY-TIME 3 1270162439
> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
> 2010-04-01 19:32:51 scdaemon[27120] DBG:   PCSC_data: 00 CA 00 C4 00
> 2010-04-01 19:32:51 scdaemon[27120] DBG:  response: sw=9000  datalen=7
> 2010-04-01 19:32:51 scdaemon[27120] DBG:       dump:  00 20 20 20 03 00 03
> scdaemon[27120.10] DBG: -> S CHV-STATUS +0+32+32+32+3+0+3
> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
> 2010-04-01 19:32:51 scdaemon[27120] DBG:   PCSC_data: 00 CA 00 7A 00
> 2010-04-01 19:32:51 scdaemon[27120] DBG:  response: sw=9000  datalen=5
> 2010-04-01 19:32:51 scdaemon[27120] DBG:       dump:  93 03 00 00 7A
> scdaemon[27120.10] DBG: -> S SIG-COUNTER 122
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
> 2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
> scdaemon[27120.10] DBG: -> ERR 100663305 No public key <SCD>
> scdaemon[27120.10] DBG: <- RESTART
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- BYE
> scdaemon[27120.10] DBG: -> OK closing connection
> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 terminated
> 
> 

OK, so the OpenSuSE build of gnupg is 2.0.12 and would fail when trying
to issue the command 'SCD READKEY OPENPGP.3' via gpg-connect-agent.  I
don't know if this was an incomplete build or what.  Not surprised though
since generating a key on the smartcard didn't prompt for the RSA key
size.  So I built gnupg-2.0.15 and voilà! It works!

For OpenSuSE 11.x you'll want to edit '/etc/pam.d/common-auth-smartcard'
to contain only the line:

    auth    required    pam_poldi.so

Then unlink 'common-auth' from 'common-auth-pc' and then link to
'common-auth-smartcard'.

The only thing I can't figure out is how to get this to work for the
screensaver unlock.  I'm using Gnome/GDM.  Any ideas?
-- 
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0
          DC1B FD21 25BC 0621 F585
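The READKEY check and the PAM relinking described in the message above, as an added shell example that is not part of the original post. The function names are hypothetical, the file names are the ones the post gives, and it assumes a successful READKEY reply contains at least one `D ` data line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are those named in the post.

# readkey_ok: reads gpg-connect-agent output on stdin. Succeeds only if a
# data line ("D ...") was returned and no "ERR ..." line appeared.
# Assumption: a successful READKEY answers with at least one "D " line.
readkey_ok() {
    awk '/^ERR /{bad=1} /^D /{data=1} END{exit !(data && !bad)}'
}

# Ask scdaemon (through gpg-agent) for the card's authentication key,
# the same request that failed with "No public key" in the log above.
card_auth_key_readable() {
    gpg-connect-agent 'SCD READKEY OPENPGP.3' /bye 2>/dev/null | readkey_ok
}

# smartcard_stack_ok FILE: true if FILE's only active (non-blank,
# non-comment) line is "auth required pam_poldi.so".
smartcard_stack_ok() {
    [ -f "$1" ] || return 1
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { n++; if (NF != 3 || $1 != "auth" || $2 != "required" || $3 != "pam_poldi.so") bad = 1 }
         END { exit !(n == 1 && !bad) }' "$1"
}

# switch_common_auth [PAM_DIR]: relink common-auth to common-auth-smartcard,
# refusing if the smartcard stack is not the single pam_poldi.so line.
switch_common_auth() {
    dir=${1:-/etc/pam.d}
    smartcard_stack_ok "$dir/common-auth-smartcard" || {
        echo "common-auth-smartcard is not the single pam_poldi.so line" >&2
        return 1
    }
    ln -sf common-auth-smartcard "$dir/common-auth"
}

# restore_common_auth [PAM_DIR]: put the link back on common-auth-pc.
restore_common_auth() {
    dir=${1:-/etc/pam.d}
    ln -sf common-auth-pc "$dir/common-auth"
}
```

Run `card_auth_key_readable && switch_common_auth` as root, and keep a second root shell open until a fresh login succeeds so that `restore_common_auth` stays reachable.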