OpenPGP Card "CHV* failed: general error"
Werner Koch
wk at gnupg.org
Wed Aug 10 09:49:44 CEST 2011
On Tue, 9 Aug 2011 22:31, gnupg at lists.grepular.com said:
> gpg: verify CHV1 failed: general error
> gpg: signing failed: general error
> gpg: [stdin]: clearsign failed: general error
I suggest that you use gpg2 and not gpg. You should also update GnuPG
to at least 2.0.17. 2.0.14 is quite problematic because it has a
regression which may lead to unaccessible keys created with that
version. However, I don't think that is the cause of the problem.
Let's debug it. Please put the lines
verbose
debug 2048
log-file /foo/scdaemon.log
into ~/.gnupg/scdaemon.conf and kill a running scdaemon. Then run your
signing command again. In the log file you should find output similar
to this:
scdaemon[17805]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
scdaemon[17805]: DBG: raw apdu: 00 20 00 81 06 3x 3x 3x 3x 3x 3x
This is a command as send to the card. The c=00 i=20 indicates the
verify command which fails for you. If it works the next line would be
a
scdaemon[17805]: DBG: response: sw=9000 datalen=0
However your SW will be different. What is it?
In this example above I redacted the actual pin using an 'x'. You
should do the same if you want to mail the log snippet: Look at the raw
apdu:
00 20 00 81 06 3x 3x 3x 3x 3x 3x
! ! ! ! ! !~~~~~~~~~~~~~~~!---- The PIN in hex format (redacted)
! ! ! ! !----------------------- The length of the PIN
! ! ! !-------------------------- Parameter P2
! ! !----------------------------- Parameter P1
! !---------------------------------Instruction byte
!------------------------------------Class byte
However, most important to see is the status word (sw) which is the
response of the card.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list