Smartcard working completely with GPG2 and incompletely with GPG1.4

NIIBE Yutaka gniibe at
Fri Jan 27 01:58:57 CET 2017


chris.p.16 at wrote:
> With GnuPG 2, signing, encrypting and decrypting a file works without
> any problems. With 1.4, I can encrypt and sign a file, but I can't
> decrypt it. It's failing with the message:
> gpg: public key decryption failed: general error
> gpg: decryption failed: secret key not available
> sec#  rsa4096/E728903D  created: 2014-04-12  expires: never     
> ssb>  rsa4096/3A07266F  created: 2014-04-12  expires: never     
>                         card-no: 0005 00005031
> ssb>  rsa4096/43F27C98  created: 2017-01-24  expires: never     
>                         card-no: 0005 00005031

I located the cause of this issue.  It is not the issue of scdaemon
incompatibility of GnuPG 2.1, which I addressed yesterday.

GnuPG 1.4 with a smartcard can't work well for RSA 4096-bit keys.  (I
think that it can also occur with the combination of GnuPG 1.4 and GnuPG

In the code of g10/cardglue.c, the buffer length is 1002 bytes by the
definition of ASSUAN_LINELENGTH [0], but this length is not enough for
the check at [1].  (To represent the encrypted value of 4096 bits itself,
it requires 1024 bytes as a hex string.)
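
The size mismatch described in the message above, as an added example (not code from GnuPG or from the post): a bounded hex encoder writing into a 1002-byte line buffer, which refuses a 4096-bit value instead of truncating it. The function names, the empty command prefix and the sample bytes are hypothetical; only the 1002-byte limit and the key size come from the message.

```c
#include <stdio.h>
#include <string.h>

#define LINE_LENGTH 1002  /* value the message gives for ASSUAN_LINELENGTH */

/* Hex-encode data after a command prefix into a fixed-size line buffer.
   Returns the number of characters written (without the NUL), or -1 when
   the line would not fit.  Nothing is truncated silently.
   Hypothetical helper, not a GnuPG function. */
static long build_hex_line(char *line, size_t linesize, const char *prefix,
                           const unsigned char *data, size_t datalen)
{
    static const char hexdigits[] = "0123456789ABCDEF";
    size_t plen = strlen(prefix);
    size_t i, n;

    /* Need prefix + two hex characters per byte + terminating NUL. */
    if (linesize == 0 || plen >= linesize
        || datalen > (linesize - 1 - plen) / 2)
        return -1;

    memcpy(line, prefix, plen);
    n = plen;
    for (i = 0; i < datalen; i++) {
        line[n++] = hexdigits[data[i] >> 4];
        line[n++] = hexdigits[data[i] & 0x0f];
    }
    line[n] = '\0';
    return (long)n;
}

/* Encode a constructed value as large as an RSA modulus of `bits` bits.
   The prefix is left empty, so this is the best case for the buffer. */
static long try_key_size(unsigned int bits)
{
    unsigned char value[1024];
    char line[LINE_LENGTH];
    size_t len = bits / 8;

    if (len > sizeof value)
        return -1;
    memset(value, 0xA5, len);  /* constructed sample, not real ciphertext */
    return build_hex_line(line, sizeof line, "", value, len);
}

int main(void)
{
    printf("2048-bit: %ld\n", try_key_size(2048));
    printf("4096-bit: %ld\n", try_key_size(4096));
    return 0;
}
```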

