Key generation on card fails with key sizes larger than 1024 bits

Sevan / Venture37 venture37 at gmail.com
Mon Jun 13 20:12:43 CEST 2011


On 19 May 2011 08:59, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 19 May 2011 00:26, venture37 at gmail.com said:
>
>> for FreeBSD, the implementation of libusb has diverged/lagged (i'm not
>> sure which tbh) where anything that depends on a recent version of
>> libusb is broken on anything newer than FreeBSD 7.x, this includes
>> pcscd which can't be built with USB support on newer versions.
>
> This might as weel be the problem with the internal CCID driver.  The
> last time I tested an USB reader on my laptop was with 7.0 I think.

I've still not made any progress with this on the *BSD side, however I
had the opportunity to try my SCR335 on a friends ThinkPad running
OpenSUSE 11.4, I was also unable to generate 2048bit keys on the card
there as well.

System details
openSUSE 11.4 (x86_64)
VERSION = 11.4
CODENAME = Celadon

Linux vader.site 2.6.37.6-0.5-desktop #1 SMP PREEMPT 2011-04-25
21:48:33 +0200 x86_64 x86_64 x86_64 GNU/Linux

gpg (GnuPG) 2.0.17
libgcrypt 1.4.6
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
       CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

S | Name         | Type    | Version    | Arch   | Repository
--+--------------+---------+------------+--------+------------------
i | libusb-0_1-4 | package | 0.1.13-9.1 | x86_64 | openSUSE-11.4-Oss


Attempting to generate keys resulted in the following error:

scdaemon[5968]: please wait while key is being generated ...
scdaemon[5968]: ccid_transceive failed: (0x1000a)
scdaemon[5968]: apdu_send_simple(0) failed: card I/O error
scdaemon[5968]: generating key failed

So I configured scdaemon.conf with the values you suggested &
reattempted, below is a snippet from where it failed, I can post the
whole log file if required

2011-06-09 21:10:21 scdaemon[6556] please wait while key is being generated ...
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   dwLength ..........: 15
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSlot .............: 0
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSeq ..............: 140
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bBWI ..............: 0x04
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   wLevelParameter
...: 0x0000
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   [0010]  00 00 0B 00 47 80
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   [0016]  00 00
00 02 B6 00 08 00 70
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver: RDR_to_PC_DataBlock:
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   dwLength ..........: 5
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSlot .............: 0
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSeq ..............: 140
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bStatus ...........: 0
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bChainParameter ...: 0x04
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   [0010]  00 C3 01 64 A6
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver: T=1: S-block
request received cmd=3
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver: T=1: waittime
extension of bwi=100
scdaemon[6556]: chan_7 -> S PROGRESS card_busy w 0 0
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   dwLength ..........: 5
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSlot .............: 0
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bSeq ..............: 141
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   bBWI ..............: 0x04
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   wLevelParameter
...: 0x0000
2011-06-09 21:10:21 scdaemon[6556] DBG: ccid-driver:   [0010]  00 E3 01 64 86
2011-06-09 21:10:26 scdaemon[6556] DBG: ccid-driver: usb_bulk_read
error: Connection timed out
2011-06-09 21:10:26 scdaemon[6556] ccid_transceive failed: (0x1000a)
2011-06-09 21:10:26 scdaemon[6556] apdu_send_simple(0) failed: card I/O error
2011-06-09 21:10:26 scdaemon[6556] generating key failed
2011-06-09 21:10:26 scdaemon[6556] operation genkey result: Card error
scdaemon[6556]: chan_7 -> ERR 100663404 Card error <SCD>
2011-06-09 21:10:26 scdaemon[6556] DBG: ccid-driver: usb_bulk_read
error: Connection timed out
2011-06-09 21:10:26 scdaemon[6556] DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
2011-06-09 21:10:27 scdaemon[6556] DBG: ccid-driver: bulk-in seqno
does not match (143/141)
2011-06-09 21:10:27 scdaemon[6556] DBG: ccid-driver: bulk-in seqno
does not match (143/142)
scdaemon[6556]: chan_7 <- RESTART
scdaemon[6556]: chan_7 -> OK
scdaemon[6556]: chan_7 <- [eof]
2011-06-09 21:10:32 scdaemon[6556] handler for fd -1 terminated
2011-06-09 21:10:32 scdaemon[6556] scdaemon (GnuPG) 2.0.17 stopped


Sevan



More information about the Gnupg-users mailing list