OpenPGP Card "CHV* failed: general error"

Werner Koch wk at gnupg.org
Wed Aug 10 09:49:44 CEST 2011


On Tue,  9 Aug 2011 22:31, gnupg at lists.grepular.com said:

> gpg: verify CHV1 failed: general error
> gpg: signing failed: general error
> gpg: [stdin]: clearsign failed: general error

I suggest that you use gpg2 and not gpg.  You should also update GnuPG
to at least 2.0.17.  2.0.14 is quite problematic because it has a
regression which may lead to unaccessible keys created with that
version.  However, I don't think that is the cause of the problem.

Let's debug it.  Please put the lines

verbose
debug 2048
log-file /foo/scdaemon.log

into ~/.gnupg/scdaemon.conf and kill a running scdaemon.  Then run your
signing command again.  In the log file you should find output similar
to this:

  scdaemon[17805]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
  scdaemon[17805]: DBG:  raw apdu: 00 20 00 81 06 3x 3x 3x 3x 3x 3x

This is a command as send to the card.  The c=00 i=20 indicates the
verify command which fails for you.  If it works the next line would be
a

  scdaemon[17805]: DBG:  response: sw=9000  datalen=0

However your SW will be different.  What is it?

In this example above I redacted the actual pin using an 'x'.  You
should do the same if you want to mail the log snippet: Look at the raw
apdu:

   00 20 00 81 06 3x 3x 3x 3x 3x 3x
   !  !  !  !  !  !~~~~~~~~~~~~~~~!---- The PIN in hex format (redacted)
   !  !  !  !  !----------------------- The length of the PIN
   !  !  !  !-------------------------- Parameter P2 
   !  !  !----------------------------- Parameter P1
   !  !---------------------------------Instruction byte
   !------------------------------------Class byte

However, most important to see is the status word (sw) which is the
response of the card.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list