poldi-ctrl error - No public key

Chris Ruff jcruff at gmail.com
Sun Apr 4 02:28:19 CEST 2010


On 04/03/2010 03:01 PM, Chris Ruff wrote:
> On 04/01/2010 07:33 PM, Chris Ruff wrote:
>> On 04/01/2010 03:00 PM, Chris Ruff wrote:
>>> I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
>>> 'poldi-ctrl -d'.  My openpgp v2.0 smartcard works fine with gnupg and 'gpg
>>> --card-status' has no problems.  Any ideas?
> 
>>> $ poldi-ctrl -s
>>> D2760001240102000005000003740000
> 
>>> $ poldi-ctrl -d --debug
>>> poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to socket '/tmp/gpg-rtKTrS/S.scdaemon'
>>> poldi-ctrl: error: failed to retrieve key from card: No public key
>>> poldi-ctrl: error: failed to retrieve key from card: No public key
> 
> 
>>> Thanks
> 
>> Here's the scdaemon debug output:
> 
>> scdaemon[27120.0] DBG: <- GETINFO socket_name
>> scdaemon[27120.0] DBG: -> D /tmp/gpg-s3IPzO/S.scdaemon
>> scdaemon[27120.0] DBG: -> OK
>> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 started
>> scdaemon[27120.10] DBG: -> OK GNU Privacy Guard's Smartcard server ready
>> scdaemon[27120.0] DBG: <- RESTART
>> scdaemon[27120.0] DBG: -> OK
>> scdaemon[27120.10] DBG: <- SERIALNO
>> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- LEARN --force
>> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
>> scdaemon[27120.10] DBG: -> S APPTYPE OPENPGP
>> scdaemon[27120.10] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0
>> scdaemon[27120.10] DBG: -> S DISP-NAME Ruff<<John
>> scdaemon[27120.10] DBG: -> S DISP-LANG en
>> scdaemon[27120.10] DBG: -> S DISP-SEX 1
>> scdaemon[27120.10] DBG: -> S PUBKEY-URL pool.sks-keyservers.net
>> scdaemon[27120.10] DBG: -> S LOGIN-DATA techniq
>> scdaemon[27120.10] DBG: -> S KEY-FPR 1 65308DA8805C707F36119851D057FC41052A4FAD
>> scdaemon[27120.10] DBG: -> S KEY-FPR 2 3A7B53782F1724779F97DD3FB592E49161225DF3
>> scdaemon[27120.10] DBG: -> S KEY-FPR 3 1DDC15D1FA25D0C4A72AAC5C862529C0116346E7
>> scdaemon[27120.10] DBG: -> S KEY-TIME 1 1264299016
>> scdaemon[27120.10] DBG: -> S KEY-TIME 2 1270162182
>> scdaemon[27120.10] DBG: -> S KEY-TIME 3 1270162439
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:   PCSC_data: 00 CA 00 C4 00
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:  response: sw=9000  datalen=7
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:       dump:  00 20 20 20 03 00 03
>> scdaemon[27120.10] DBG: -> S CHV-STATUS +0+32+32+32+3+0+3
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:   PCSC_data: 00 CA 00 7A 00
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:  response: sw=9000  datalen=5
>> 2010-04-01 19:32:51 scdaemon[27120] DBG:       dump:  93 03 00 00 7A
>> scdaemon[27120.10] DBG: -> S SIG-COUNTER 122
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
>> 2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
>> scdaemon[27120.10] DBG: -> ERR 100663305 No public key <SCD>
>> scdaemon[27120.10] DBG: <- RESTART
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- BYE
>> scdaemon[27120.10] DBG: -> OK closing connection
>> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 terminated
> 
> 
> 
> OK, so the OpenSuSE build of gnupg is 2.0.12 and would fail when trying
> to issue the command 'SCD READKEY OPENPGP.3' via gpg-connect-agent.  I
> don't know if this was an incomplete build or what.  Not surprised though
> since generating a key on the smartcard didn't prompt for the RSA key
> size.  So I built gnupg-2.0.15 and voilà! It works!
> 
> For OpenSuSE 11.x you'll want to edit '/etc/pam.d/common-auth-smartcard'
> to contain only the line:
> 
>     auth    required    pam_poldi.so
> 
> Then unlink 'common-auth' from 'common-auth-pc' and then link to
> 'common-auth-smartcard'.
> 
> The only thing I can't figure out is how to get this to work for the
> screensaver unlock.  I'm using Gnome/GDM.  Any ideas?

Well, it appears the screensaver does work except the prompt does ask
for "PIN" as does the gdm login prompt, so it just says "Password".
However, inputting the PIN does unlock the screensaver.

Sometimes typing/explaining the issue(s) enlightens one to the
resolution.  Hope this helps someone else.

- -- 
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0
          DC1B FD21 25BC 0621 F585
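A way to triage an scdaemon debug trace like the one quoted in this thread, added here as an example and not part of the original post: it pairs each Assuan request with an ERR reply on the same connection and splits the numeric code into its gpg-error source and code fields. The function names and lookup tables are hypothetical, and the tables hold only the two values that occur in this trace.

```python
import re

# gpg-error packs the error source into bits 24-30 and the code into bits 0-15.
SOURCES = {6: "SCD"}            # GPG_ERR_SOURCE_SCD
CODES = {9: "No public key"}    # GPG_ERR_NO_PUBKEY

# Constructed sample: Assuan lines copied from the scdaemon trace in this thread.
SAMPLE = """\
scdaemon[27120.10] DBG: <- SERIALNO
scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
scdaemon[27120.10] DBG: -> OK
scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
scdaemon[27120.10] DBG: -> ERR 100663305 No public key <SCD>
scdaemon[27120.10] DBG: <- RESTART
scdaemon[27120.10] DBG: -> OK
"""

# "<-" is a request received by scdaemon, "->" is its reply; the number after
# the dot identifies the connection the line belongs to.
LINE = re.compile(r"scdaemon\[\d+\.(\d+)\] DBG: (<-|->) (.*)")


def decode_gpg_error(value):
    """Split a gpg-error value into (source name, code, description)."""
    source, code = (value >> 24) & 0x7F, value & 0xFFFF
    return SOURCES.get(source, str(source)), code, CODES.get(code, "unknown")


def failed_commands(log):
    """Return (request, source, code, description) for every ERR reply."""
    pending, failures = {}, []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # timestamped daemon messages and APDU dumps
        fd, direction, body = m.groups()
        if direction == "<-":
            pending[fd] = body  # remember the last request per connection
        elif body.startswith("ERR "):
            num = int(body.split()[1])
            failures.append((pending.get(fd, "?"), *decode_gpg_error(num)))
    return failures


if __name__ == "__main__":
    for failure in failed_commands(SAMPLE):
        print(failure)
```

The regular expression uses `search`, so the same function works on lines that still carry e-mail quote prefixes such as `>> `.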
