OpenPGP Smartcard + signing email = two signatures?

Pete Stephenson pete at heypete.com
Mon Sep 30 23:10:23 CEST 2013


Hi all,

I use Thunderbird, Enigmail, and GnuPG on Windows 7 (among others).

I have my primary cert/sign key on one smartcard and two subkeys
(signature + encryption) on another. I have the "force signature PIN"
option enabled for both cards.

Tonight I was using the card with the subkeys to sign an email message
that I was sending. As expected I was prompted by pinentry to enter the
card PIN and that the card had made N signatures before. I entered the
PIN and immediately pinentry popped up again asking for me to re-enter
the PIN and indicated that N+1 signatures had been made before,
suggesting that it had made the previous signature. Again, I entered the
PIN and the message was correctly signed and everything seems to work
normally. There is only one signature on the message -- it seems that
one of the signatures goes missing.

I've noticed this happening intermittently over the past few months, but
only when using Enigmail and Thunderbird -- if my memory serves me right
it also happens intermittently when I use Ubuntu Linux on a different
computer, Thunderbird, and Enigmail so it doesn't seem to be a
Windows-specific problem.

Although this has happened for a while, it's only happened
intermittently and I can't reproduce it on demand (e.g. it happened to
the first signed message I sent today, but not the second. It occurred
when I tried signing this message.) Has anyone else observed this
behavior? If so, is there an explanation?

Cheers!
-Pete

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130930/c9f6066b/attachment-0001.sig>


More information about the Gnupg-users mailing list