Decryption fails with 4096bit key on SmartCard

NIIBE Yutaka gniibe at fsij.org
Tue Sep 22 15:07:28 CEST 2015


On 2015-09-22 at 09:30 +0000, Marcus Ilgner wrote:
> Here you can find the full
> log: https://gist.github.com/milgner/b823685c8a5960f1f13b

Thank you for the dump.  There are fingerprints and timestamps
registered on the card.  But, it failed decryption with "No Record".
Usually, it means there is no key on the card.

Well, it's inconsistent.  After writing private key onto the card,
fingerprint and timestamp are registered.

What's the output of 'gpg --card-status'?

By invoking 'gpg --card-status', scdaemon tries to access public key
on card.  If it fails, I think that there were some troubles when you
wrote decryption key onto card (but it proceeded without notifying the
error, thus, having fingerprint and timestamps for decryption key,
perhaps).

I think that it's worth a try to run scdaemon with disable-ccid flag.
Please include a line:

=============== .gnupg/scdaemon.conf
disable-ccid
===============

It disables internal CCID driver and use PC/SC.  If it works, there
is some bug in internal CCID driver.
-- 





More information about the Gnupg-users mailing list