Smartcard working completely with GPG2 and incompletely with GPG1.4
NIIBE Yutaka
gniibe at fsij.org
Fri Jan 27 01:58:57 CET 2017
Hello,
chris.p.16 at gmx.de wrote:
> With GnuPG 2, signing, encrypting and decrypting a file works without
> any problems. With 1.4, I can encrypt and sign a file, but I can't
> decrypt it. It's failing with the message:
[...]
>
> gpg: public key decryption failed: general error
> gpg: decryption failed: secret key not available
[...]
> sec# rsa4096/E728903D created: 2014-04-12 expires: never
> ssb> rsa4096/3A07266F created: 2014-04-12 expires: never
> card-no: 0005 00005031
> ssb> rsa4096/43F27C98 created: 2017-01-24 expires: never
> card-no: 0005 00005031
I located the cause of this issue. It is not the scdaemon
incompatibility issue of GnuPG 2.1, which I addressed yesterday.

GnuPG 1.4 with a smartcard can't work well for RSA 4096-bit keys. (I
think that it can also occur with the combination of GnuPG 1.4 and GnuPG
2.0.)

In the code of g10/cardglue.c, the buffer length is 1002 bytes by the
definition of ASSUAN_LINELENGTH [0], but this length is not enough for
the check at [1]. (To represent the encrypted value of 4096 bits itself,
it requires 1024 bytes as a hex string.)

[0] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=include/assuan.h;h=1170f959df353f33373565c729981891dcd0100c;hb=refs/heads/STABLE-BRANCH-1-4#l91
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/cardglue.c;h=809b315e564831aac8727d3c905e53016749f76e;hb=refs/heads/STABLE-BRANCH-1-4#l1395
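
Added example, not part of the original message and not GnuPG's code: a bounded hex encoder into a fixed 1002-byte line, showing which RSA ciphertext sizes fit. The function names, the "SETDATA " prefix and the 0xAB filler bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_LEN 1002  /* buffer size the message gives for ASSUAN_LINELENGTH */

/* Hex-encode data after prefix into line[LINE_LEN].
   Returns the resulting string length, or -1 if prefix + hex + NUL
   would not fit. The check runs before anything is written. */
static int build_hex_line(char *line, const char *prefix,
                          const unsigned char *data, size_t datalen)
{
    static const char hexdigits[] = "0123456789ABCDEF";
    size_t plen = strlen(prefix);
    size_t i;

    if (plen >= LINE_LEN - 1)
        return -1;
    /* Each input byte becomes two hex characters. */
    if (datalen > (LINE_LEN - 1 - plen) / 2)
        return -1;
    memcpy(line, prefix, plen);
    for (i = 0; i < datalen; i++) {
        line[plen + 2 * i]     = hexdigits[data[i] >> 4];
        line[plen + 2 * i + 1] = hexdigits[data[i] & 0x0F];
    }
    line[plen + 2 * datalen] = '\0';
    return (int)(plen + 2 * datalen);
}

/* Build a line for a constructed ciphertext of keybits bits
   (hypothetical helper; the prefix is an assumed command name). */
static int try_keysize(unsigned keybits)
{
    unsigned char ct[1024];
    char line[LINE_LEN];
    size_t n = keybits / 8;

    if (n > sizeof ct)
        return -1;
    memset(ct, 0xAB, n);  /* constructed sample data, not a real ciphertext */
    return build_hex_line(line, "SETDATA ", ct, n);
}

int main(void)
{
    unsigned sizes[] = { 2048, 3072, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("rsa%u -> %d\n", sizes[i], try_keysize(sizes[i]));
    return 0;
}
```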