gpg-agent unable to see yubikey until manually re-running `gpg --card-status`

Lance R. Vick lance at lrvick.net
Wed Jun 17 00:41:43 CEST 2015


Very confused by this. Every time I insert my yubikey into a system I must
do 'gpg --card-status' to make gpg-agent aware it exists again.

Using: gpg/gpg-agent 2.1.4

Expected Results:

1. Insert yubikey
2. Issue version command to gpg agent
3. Version is reported
4. Remove and re-insert key
5. Issue version command to gpg agent
6. Version is reported

Actual Results:

1. Insert yubikey
2. Issue version command to gpg agent
3. Version is reported
4. Remove and re-insert key
5. Issue version command to gpg agent
6. "Card not present" error

Current workaround when error is reached:

1. Issue 'gpg --card-status'
2. Issue version command to gpg agent
3. Version is reported

Stock gpg configs other than 'enable-ssh-support' in .gnupg/gpg-agent.conf

I have the following in my .zlogin to set up the ssh env:

```
# Start gpg-agent with ssh support unless its env file and socket already exist
envfile="$HOME/.gnupg/gpg-agent.env"
if [[ ! -e "$envfile" ]] || [[ ! -e "$HOME/.gnupg/S.gpg-agent" ]]; then
    gpg-agent --daemon --enable-ssh-support > "$envfile"
fi
eval "$(cat "$envfile")"
export SSH_AUTH_SOCK   # enable gpg-agent for ssh
```

Output of me reproducing this issue:

```
[lrvick at tsar ~]$ # key inserted
[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000]  01 00 08 90 00                                     .....
OK

[lrvick at tsar ~]$ gpg --card-status

Application ID ...: D2760001240102000006033646440000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03364644
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : http://pgp.mit.edu/pks/lookup?op=vindex&search=0xE90A401336C8AAA9
Login data .......: lrvick
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 6
Signature key ....: 387A 3684 2D5A A336 0A05  193E 8D5B 2F41 F664 44E5
      created ....: 2015-03-19 08:41:47
Encryption key....: 1F43 D8C3 9A32 F33A EC7A  6527 5301 06BD D94A 0B8A
      created ....: 2015-03-19 08:43:20
Authentication key: 7FDA 0082 EF1E 9A5B 9EB6  B63F D362 694A F189 271D
      created ....: 2015-03-19 08:45:19
General key info..: sub  rsa2048/F66444E5 2015-03-19 Lance R. Vick (Personal) <lance at lrvick.net>
sec#  rsa4096/36C8AAA9  created: 2009-05-09  expires: never
ssb>  rsa2048/F66444E5  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb>  rsa2048/D94A0B8A  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb>  rsa2048/F189271D  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb#  rsa4096/A649FFDA  created: 2009-05-09  expires: never
ssb#  rsa4096/4D08A9A6  created: 2015-02-01  expires: never

[lrvick at tsar ~]$ # key removed
[lrvick at tsar ~]$ # key inserted

[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
ERR 100663408 Card not present <SCD>

[lrvick at tsar ~]$ gpg --card-status

Application ID ...: D2760001240102000006033646440000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03364644
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : http://pgp.mit.edu/pks/lookup?op=vindex&search=0xE90A401336C8AAA9
Login data .......: lrvick
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 6
Signature key ....: 387A 3684 2D5A A336 0A05  193E 8D5B 2F41 F664 44E5
      created ....: 2015-03-19 08:41:47
Encryption key....: 1F43 D8C3 9A32 F33A EC7A  6527 5301 06BD D94A 0B8A
      created ....: 2015-03-19 08:43:20
Authentication key: 7FDA 0082 EF1E 9A5B 9EB6  B63F D362 694A F189 271D
      created ....: 2015-03-19 08:45:19
General key info..: sub  rsa2048/F66444E5 2015-03-19 Lance R. Vick (Personal) <lance at lrvick.net>
sec#  rsa4096/36C8AAA9  created: 2009-05-09  expires: never
ssb>  rsa2048/F66444E5  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb>  rsa2048/D94A0B8A  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb>  rsa2048/F189271D  created: 2015-03-19  expires: never
                        card-no: 0006 03364644
ssb#  rsa4096/A649FFDA  created: 2009-05-09  expires: never
ssb#  rsa4096/4D08A9A6  created: 2015-02-01  expires: never

[lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000]  01 00 08 90 00                                     .....
OK

[lrvick at tsar ~]$ gpg --version
gpg (GnuPG) 2.1.4
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

[lrvick at tsar ~]$ gpg-connect-agent
> getinfo version
D 2.1.4
OK
>
```

-- 
Lance R. Vick
__________________________________________________
Cell      -  407.283.7596
Gtalk     -  lance at lrvick.net
Website   -  http://lrvick.net
PGP Key   -  http://lrvick.net/0x36C8AAA9.asc
keyserver -  subkeys.pgp.net
__________________________________________________
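
Added example, not part of the original post: a shell helper that recognises the "Card not present" reply shown above and applies the post's `gpg --card-status` workaround once before retrying. The number after `ERR` is a libgpg-error value; 100663408 splits into source 6 (scdaemon) and code 112 (GPG_ERR_CARD_NOT_PRESENT). The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are hypothetical.

# libgpg-error packs the error source into bits 24-30 and the error code into
# the low 16 bits of the number printed after "ERR".
gpg_err_source() { echo $(( ($1 >> 24) & 127 )); }
gpg_err_code()   { echo $(( $1 & 65535 )); }

# Classify a gpg-connect-agent reply read from stdin. Prints one of:
#   ok | card-not-present | other-error | incomplete
classify_reply() (
    while IFS= read -r line; do
        case $line in
            OK|"OK "*) echo ok; exit 0 ;;
            "ERR "*)
                value=${line#ERR }
                value=${value%% *}
                case $value in
                    ''|*[!0-9]*) echo other-error; exit 0 ;;
                esac
                # 112 is GPG_ERR_CARD_NOT_PRESENT
                if [ "$(gpg_err_code "$value")" -eq 112 ]; then
                    echo card-not-present
                else
                    echo other-error
                fi
                exit 0 ;;
        esac
    done
    echo incomplete   # neither OK nor ERR was seen
)

# Send the APDU from the post; if scdaemon answers "Card not present", run the
# post's workaround (gpg --card-status) once and ask again.
# Returns 0 only when the final reply ends in OK.
probe_card() {
    reply=$(gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye 2>&1)
    if [ "$(printf '%s\n' "$reply" | classify_reply)" = card-not-present ]; then
        gpg --card-status >/dev/null 2>&1 || true
        reply=$(gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye 2>&1)
    fi
    printf '%s\n' "$reply"
    [ "$(printf '%s\n' "$reply" | classify_reply)" = ok ]
}
```

Matching on the numeric code rather than the text "Card not present" keeps the check independent of the message wording; any other `ERR` is left alone so unrelated agent failures are not masked by the retry.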