scute / firefox: cannot connect to GPG agent

Damien Goutte-Gattat dgouttegattat at
Mon Jun 5 19:37:27 CEST 2017

On 06/05/2017 07:04 PM, Fabian Peter Hammerle wrote:
>> scute: scute_agent_get_cert: got certificate from card with length 259
OK, this is weird. 259 bytes seems too short for a X.509 certificate, 
especially one based on 4096-bit public key (for comparison, my own 
2048-bit certificate is 1587 bytes).

Maybe an error occured when the certificate was stored on the Yubikey, 
and the certificate there is actually truncated?

Could you extract the certificate from the smartcard and have a look at 
it? Run gpg in card-edit mode, and at the prompt, use the (undocumented) 
readcert command to save the certificate to a file

   $ gpg --card-edit

   gpg/card> readcert 3 > file.der
   gpg/card> quit

Then inspect the contents of file.der, using e.g. openssl:

   $ openssl x509 -inform DER -in file.der -text

> Due to scute 'rejecting certificate' I just removed my current
> certificate for the auth subkey from gpgsm and created / imported a new
> self-signed certificate:
 > [...]
> Anyway, Scute still logs the same error message:

Did you import your new certificate onto the Yubikey? Because 
independently of what your gpgsm store may contain, Scute will always 
try to fetch the certificate from the token itself.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170605/0e9ec9c8/attachment.sig>

More information about the Gnupg-users mailing list