scute / firefox: cannot connect to GPG agent
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon Jun 5 19:37:27 CEST 2017
On 06/05/2017 07:04 PM, Fabian Peter Hammerle wrote:
>> scute: scute_agent_get_cert: got certificate from card with length 259
OK, this is weird. 259 bytes seems too short for an X.509 certificate,
especially one based on a 4096-bit public key (for comparison, my own
2048-bit certificate is 1587 bytes).
Maybe an error occurred when the certificate was stored on the Yubikey,
and the certificate there is actually truncated?
Could you extract the certificate from the smartcard and have a look at
it? Run gpg in card-edit mode, and at the prompt, use the (undocumented)
readcert command to save the certificate to a file:
$ gpg --card-edit
gpg/card> readcert 3 > file.der
gpg/card> quit
Then inspect the contents of file.der, using e.g. openssl:
$ openssl x509 -inform DER -in file.der -text
> Due to scute 'rejecting certificate' I just removed my current
> certificate for the auth subkey from gpgsm and created / imported a new
> self-signed certificate:
> [...]
> Anyway, Scute still logs the same error message:
Did you import your new certificate onto the Yubikey? Because
independently of what your gpgsm store may contain, Scute will always
try to fetch the certificate from the token itself.
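
A way to test the truncation hypothesis on the extracted file.der, as an added example that is not part of the original message: the outer DER SEQUENCE header of a certificate announces its own total size, which can be compared with the number of bytes actually read. The function names and the sample bytes are constructed for illustration; the sample sizes (1587 and 259 bytes) mirror the figures quoted in the message.

```python
"""Compare the size a DER blob announces with the bytes actually present."""
import sys


def der_declared_size(data: bytes) -> int:
    """Return header + content size announced by the outer DER SEQUENCE."""
    if len(data) < 2:
        raise ValueError("too short to hold a DER tag and length")
    if data[0] != 0x30:
        raise ValueError(f"outer tag is 0x{data[0]:02x}, expected SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                 # short form: length fits in 7 bits
        return 2 + first
    n = first & 0x7F                 # long form: next n bytes hold the length
    if n == 0 or n > 4:              # 0x80 is indefinite length, not valid DER
        raise ValueError("indefinite or implausibly large length field")
    if len(data) < 2 + n:
        raise ValueError("data ends inside the length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def truncation_report(data: bytes) -> dict:
    """Summarise declared vs. actual size of a DER-encoded object."""
    declared = der_declared_size(data)
    actual = len(data)
    return {
        "declared": declared,
        "actual": actual,
        "missing": max(declared - actual, 0),    # bytes cut off the end
        "trailing": max(actual - declared, 0),   # extra bytes after the object
        "complete": declared == actual,
    }


# Constructed sample: a 1587-byte SEQUENCE (0x062f = 1583 content bytes),
# then the same object cut to 259 bytes. Not a real certificate.
FULL = b"\x30\x82\x06\x2f" + bytes(1583)
CUT = FULL[:259]

if __name__ == "__main__":
    # Pass the path of the extracted file, or run with no argument
    # to see the report for the constructed truncated sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CUT
    print(truncation_report(blob))
```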