gpg-agent unable to see yubikey until manually re-running `gpg --card-status`
Lance R. Vick
lance at lrvick.net
Wed Jun 17 00:41:43 CEST 2015
Very confused by this. Every time I insert my yubikey into a system I must
do 'gpg --card-status' to make gpg-agent aware it exists again.
Using: gpg/gpg-agent 2.1.4
Expected Results:
1. Insert yubikey
2. Issue version command to gpg agent
3. Version is reported
4. Remove and re-insert key
5. Issue version command to gpg agent
6. Version is reported
Actual Results:
1. Insert yubikey
2. Issue version command to gpg agent
3. Version is reported
4. Remove and re-insert key
5. Issue version command to gpg agent
6. "Card not present" error
Current workaround when error is reached:
1. Issue 'gpg --card-status'
2. Issue version command to gpg agent
3. Version is reported
Stock gpg configs other than 'enable-ssh-support' in .gnupg/gpg-agent.conf
I have the following in my .zlogin to set up the ssh env:
```
envfile="$HOME/.gnupg/gpg-agent.env"
# Start the agent only if no env file or agent socket exists yet
if [[ ! -e "$envfile" ]] || [[ ! -e "$HOME/.gnupg/S.gpg-agent" ]]; then
    gpg-agent --daemon --enable-ssh-support > "$envfile"
fi
eval "$(cat "$envfile")"
export SSH_AUTH_SOCK # enable gpg-agent for ssh
```
Output of me reproducing this issue:
```
[lrvick at tsar ~]$ # key inserted
[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000] 01 00 08 90 00 .....
OK
[lrvick at tsar ~]$ gpg --card-status
Application ID ...: D2760001240102000006033646440000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03364644
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : http://pgp.mit.edu/pks/lookup?op=vindex&search=0xE90A401336C8AAA9
Login data .......: lrvick
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 6
Signature key ....: 387A 3684 2D5A A336 0A05 193E 8D5B 2F41 F664 44E5
created ....: 2015-03-19 08:41:47
Encryption key....: 1F43 D8C3 9A32 F33A EC7A 6527 5301 06BD D94A 0B8A
created ....: 2015-03-19 08:43:20
Authentication key: 7FDA 0082 EF1E 9A5B 9EB6 B63F D362 694A F189 271D
created ....: 2015-03-19 08:45:19
General key info..: sub rsa2048/F66444E5 2015-03-19 Lance R. Vick (Personal) <lance at lrvick.net>
sec# rsa4096/36C8AAA9 created: 2009-05-09 expires: never
ssb> rsa2048/F66444E5 created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb> rsa2048/D94A0B8A created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb> rsa2048/F189271D created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb# rsa4096/A649FFDA created: 2009-05-09 expires: never
ssb# rsa4096/4D08A9A6 created: 2015-02-01 expires: never
[lrvick at tsar ~]$ # key removed
[lrvick at tsar ~]$ # key inserted
[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
ERR 100663408 Card not present <SCD>
[lrvick at tsar ~]$ gpg --card-status
Application ID ...: D2760001240102000006033646440000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03364644
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : http://pgp.mit.edu/pks/lookup?op=vindex&search=0xE90A401336C8AAA9
Login data .......: lrvick
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 6
Signature key ....: 387A 3684 2D5A A336 0A05 193E 8D5B 2F41 F664 44E5
created ....: 2015-03-19 08:41:47
Encryption key....: 1F43 D8C3 9A32 F33A EC7A 6527 5301 06BD D94A 0B8A
created ....: 2015-03-19 08:43:20
Authentication key: 7FDA 0082 EF1E 9A5B 9EB6 B63F D362 694A F189 271D
created ....: 2015-03-19 08:45:19
General key info..: sub rsa2048/F66444E5 2015-03-19 Lance R. Vick (Personal) <lance at lrvick.net>
sec# rsa4096/36C8AAA9 created: 2009-05-09 expires: never
ssb> rsa2048/F66444E5 created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb> rsa2048/D94A0B8A created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb> rsa2048/F189271D created: 2015-03-19 expires: never
card-no: 0006 03364644
ssb# rsa4096/A649FFDA created: 2009-05-09 expires: never
ssb# rsa4096/4D08A9A6 created: 2015-02-01 expires: never
[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000] 01 00 08 90 00 .....
OK
[lrvick at tsar ~]$ gpg --version
gpg (GnuPG) 2.1.4
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
[lrvick at tsar ~]$ gpg-connect-agent
> getinfo version
D 2.1.4
OK
>
```
--
Lance R. Vick
__________________________________________________
Cell - 407.283.7596
Gtalk - lance at lrvick.net
Website - http://lrvick.net
PGP Key - http://lrvick.net/0x36C8AAA9.asc
keyserver - subkeys.pgp.net
__________________________________________________
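
The workaround described in this post, wrapped as a shell function (an added example, not part of the original message or of GnuPG): it sends the same probe APDU, and if scdaemon answers "Card not present" it runs `gpg --card-status` once and probes again. The function names and the `GPG_CONNECT_AGENT` / `GPG` override variables are assumptions of this example.

```shell
#!/bin/sh
# Commands are overridable so the logic can be exercised without a token
# (an assumption of this example, not a GnuPG convention).
: "${GPG_CONNECT_AGENT:=gpg-connect-agent}"
: "${GPG:=gpg}"

# Send the same probe APDU used in the post and print scdaemon's reply.
scd_probe() {
    "$GPG_CONNECT_AGENT" --hex "scd apdu 00 f1 00 00" /bye 2>&1
}

# Classify a reply as: ok | absent | error
scd_classify() {
    case "$1" in
        *"Card not present"*) echo absent ;;  # the failure shown in the post
        *"ERR "*)             echo error ;;   # any other agent/scdaemon error
        *"90 00"*)            echo ok ;;      # ISO 7816 success status word
        *)                    echo error ;;
    esac
}

# Make sure the card answers, applying the workaround at most once.
# Prints "ready", "recovered" or "failed"; returns 0 unless failed.
scd_ensure_card() {
    state=$(scd_classify "$(scd_probe)")
    if [ "$state" = ok ]; then
        echo ready
        return 0
    fi
    if [ "$state" = absent ]; then
        # Workaround from the post: gpg --card-status makes the agent
        # see the re-inserted card again.
        "$GPG" --card-status >/dev/null 2>&1 || true
        state=$(scd_classify "$(scd_probe)")
        if [ "$state" = ok ]; then
            echo recovered
            return 0
        fi
    fi
    echo failed
    return 1
}
```

Calling `scd_ensure_card` before an ssh or signing command distinguishes a card that was already visible ("ready") from one that needed the workaround ("recovered").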