Omnikey 3821 with OpenPGP Card and Pin Pad Entry

Tristan Santore tristan.santore at internexusconnect.net
Thu Oct 24 09:22:23 CEST 2013


On 24/10/13 06:48, Tristan Santore wrote:
> Dear All,
>
> I have finally had time to play with the Omnikey 3821 and my OpenPGP
> cards. Yesterday, I somehow managed to get the Omnikey reader to accept
> pinpad entries. I suspect it was the enable-pinpad-varlen option in
> ~/.gnupg/scdaemon.conf, which did this. This worked for setting the
> password on card, but would not accept the password for an Auth Key I
> generated, that is expert mode then deselect (E) and (S) to leave the
> (A)uthentication bit.
>
> When I now set the enable-pinpad-varlen I keep getting:
>
>
> debug1: Offering RSA public key: cardno:00050XXXXXXXX
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 535
> debug2: input_userauth_pk_ok: fp da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
> debug3: sign_and_send_pubkey: RSA da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
> Agent admitted failure to sign using the key.
> debug1: Trying private key: /home/blah.....
>
> Also, when I try gpg2 --card-edit, pinentry does not ask me to enter the
> pin, with the pinpad showing the request on the Omnikey's LCD screen.
>
> When I remove the enable-pinpad-varlen option from
> ~/gnupg/scdaemon.conf, pinpad-gtk pops up and asks me to enter the password.
>
> Is there something I missed? It worked fine yesterday, minus the Auth
> pin issue. I was hoping to finally get there with the setup and be able
> to use the pinpad for pin entries.
>
> Any insights from you all would be most appreciated.
>
> If I can provide you with any further output, which might help, let me
> know how and what you need, and I will be most happy to oblige.
>
> Thank you in advance.
>
> Regards,
>
> Tristan
>
To answer my own question! After prodding around and searching for
answers, this appears to be an issue with GnuPG 2.0.22. There is also a
bug filed for it.

I reverted back to an older version, albeit this one does something
weird too.
I will keep prodding that, until I get the error I had earlier, then
send a new email about the issue, or file a bug, depending on what my
findings are.

So, for now please ignore my previous email.

Thank you.

Regards,

Tristan

-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org



