Decryption fails with 4096bit key on SmartCard
marcus.ilgner at gmail.com
Tue Sep 22 15:26:11 CEST 2015
Thank you for the hint. I updated the gist at
https://gist.github.com/milgner/b823685c8a5960f1f13b to include both the
output of `gpg --card-status` (which works fine) as well as the log for
trying to decrypt with CCID disabled in scdaemon.conf (which unfortunately
it yields the same error as before).
I don't know enough about the workings on the chip to make any guess about
possible origins of the error but I would have thought that all data stems
from the secret key? I.e. the key is moved to the card in full and the
blinded/public key as well as the fingerprints are derived from it there?
Also I did not receive any errors before, all other operations seem to work
So, again, thanks for helping to investigate! I hope we can find a solution
to this :)
All the best
On Tue, 22 Sep 2015 at 15:07 NIIBE Yutaka <gniibe at fsij.org> wrote:
> On 2015-09-22 at 09:30 +0000, Marcus Ilgner wrote:
> > Here you can find the full
> > log: https://gist.github.com/milgner/b823685c8a5960f1f13b
> Thank you for the dump. There are fingerprints and timestamps
> registered on the card. But, it failed decryption with "No Record".
> Usually, it means there is no key on the card.
> Well, it's inconsistent. After writing private key onto the card,
> fingerprint and timestamp are registered.
> What's the output of 'gpg --card-status'?
> By invoking 'gpg --card-status', scdaemon tries to access public key
> on card. If it fails, I think that there were some troubles when you
> wrote decryption key onto card (but it proceeded without notifying the
> error, thus, having fingerprint and timestamps for decryption key,
> I think that it's worth a try to run scdaemon with disable-ccid flag.
> Please include a line:
> =============== .gnupg/scdaemon.conf
> It disables internal CCID driver and use PC/SC. If it works, there
> is some bug in internal CCID driver.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users