OpenPGP Card "CHV* failed: general error"

Mike Cardwell gnupg at lists.grepular.com
Tue Aug 9 22:31:01 CEST 2011


Hi,

My OpenPGP Card (v2) has been working fine for a couple of days now, but
it has stopped tonight.

Simply trying to sign some text gives the following error:

========================================================================
mike at Fuzzbutt:~$ date|gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tue Aug  9 21:19:53 BST 2011
gpg: detected reader `Lenovo Integrated Smart Card Reader 00 00'
gpg: signatures created so far: 32

Please enter the PIN
[sigs done: 32]
gpg: verify CHV1 failed: general error
gpg: signing failed: general error
gpg: [stdin]: clearsign failed: general error
mike at Fuzzbutt:~$
========================================================================

The output of "gpg --card-status" is:

========================================================================
mike at Fuzzbutt:~$ gpg --card-status
gpg: detected reader `Lenovo Integrated Smart Card Reader 00 00'
Application ID ...: D276000124010200000500000D580000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00000D58
Name of cardholder: Mike Cardwell
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 32
Signature key ....: 9845 7968 9D81 214F 1171  CDA2 9D26 2301 C1D1 E704
      created ....: 2011-07-22 12:24:32
Encryption key....: 5ACB CDDD 3FE6 C24D 0FDB  C157 FA37 2B88 0711 5CE9
      created ....: 2011-07-22 12:25:33
Authentication key: DF22 F678 083E 1025 5750  A4A0 124D 48BF 4D72 5086
      created ....: 2011-08-09 15:04:19
General key info..: pub  2048R/C1D1E704 2011-07-22 Mike Cardwell
<mike.cardwell at grepular.com>
sec#  4096R/0018461F  created: 2010-11-02  expires: 2015-11-01
ssb   4096R/01DE408F  created: 2010-11-02  expires: 2015-11-01
ssb>  2048R/C1D1E704  created: 2011-07-22  expires: 2012-07-21
                      card-no: 0005 00000D58
ssb>  2048R/07115CE9  created: 2011-07-22  expires: 2012-07-21
                      card-no: 0005 00000D58
mike at Fuzzbutt:~$
========================================================================

If I try to run any admin commands like "passwd" after doing a gpg
--card-edit, I get the same sort of error, eg:

gpg: verify CHV2 failed: general error

The only thing that I can think I've changed is that I added an
authentication subkey earlier. Previously, I was just using encryption
and signing subkeys. I'm sure it worked for at least a little while
after that though...

Any ideas what it could be? Here is some more info which might be useful:

========================================================================
mike at Fuzzbutt:~$ gpg --version|head -1
gpg (GnuPG) 1.4.11
mike at Fuzzbutt:~$ gpg-agent --version|head -1
gpg-agent (GnuPG) 2.0.14
mike at Fuzzbutt:~$ pcscd --version|head -1
pcsc-lite version 1.7.0.
mike at Fuzzbutt:~$ ps auxwww|egrep -i 'pcsc|gpg|gnupg'
mike      2239  0.0  0.0  13128  1056 pts/0    S+   21:26   0:00 egrep
--color=auto -i pcsc|gpg|gnupg
mike      4946  0.0  0.0  52072  1476 ?        Sl   20:50   0:00 pcscd
mike      6038  0.0  0.0  12092   284 ?        Ss   20:57   0:00
/usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh
--write-env-file=/home/mike/.gnupg/gpg-agent-info-Fuzzbutt
/usr/bin/dbus-launch --exit-with-session gnome-session
--session=classic-gnome
mike      6039  0.0  0.0  18668  1220 ?        Ss   20:57   0:00
/usr/bin/gpg-agent --daemon --sh
--write-env-file=/home/mike/.gnupg/gpg-agent-info-Fuzzbutt
/usr/bin/dbus-launch --exit-with-session gnome-session
--session=classic-gnome
mike at Fuzzbutt:~$
========================================================================

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F



More information about the Gnupg-users mailing list