scute / firefox: cannot connect to GPG agent

Fabian Peter Hammerle fabian.hammerle at gmail.com
Mon Jun 5 13:35:27 CEST 2017


> Can you check that after starting Firefox, you still have
> only one GPG-Agent and one Scdaemon running?

Before launching Firefox:

$ ps aux | grep -P '(scdaemon|gpg-agent)'
> fabianp+  3242 [...] gpg-agent --homedir /home/fabianpeter/.gnupg --use-standard-socket --daemon
> fabianp+  3518 [...] grep -P (scdaemon|gpg-agent)
> fabianp+ 26815 [...] scdaemon --multi-server
$ gpg-connect-agent "SCD GETINFO pid" /bye
> D 26815
> OK

Strangely enough Firefox does no longer write anything to stdout or stderr.
Unfortunately, I don't know what changed since I received the error
message last time.

$ export GPG_AGENT_INFO=$(gpgconf --list-dir agent-socket):0:1 
$ echo $GPG_AGENT_INFO
> /run/user/1000/gnupg/S.gpg-agent:0:1
$ firefox &
> [1] 3616

While Firefox was running no other instances of gpg-agent or scdaemon
were launched:

$ ps aux | grep -P '(scdaemon|gpg-agent)'                     
> fabianp+  3242 [...] gpg-agent --homedir /home/fabianpeter/.gnupg --use-standard-socket --daemon
> fabianp+  3746 [...] grep -P (scdaemon|gpg-agent)
> fabianp+ 26815 [...] scdaemon --multi-server

With the Yubikey unplugged Firefox' Device Manager now shows a menu item
'GnuPG Smart Card Daemon':
Status: Not Present
Description: GnuPG Smart Card Daemon
Manufacturer: g10 Code GmbH
HW Version: 2.1
FW Version: 1.5

When I plug in my Yubikey and re-open the Device Manager most values are empty:
change to:
Status: Not Present
Description: [empty]
Manufacturer:  [empty]
HW Version: [empty]
FW Version: [empty]

(Screenshots attached)

While Firefox is running I am not able to access my smartcard with gpg:

$ date | gpg -e | gpg # gpg test         
> gpg: encrypted with 4096-bit RSA key, ID CD90DBE8B7C5FE43, created 2016-10-16
>       "Fabian Peter Hammerle <fabian at hammerle.me>"
> gpg: public key decryption failed: No SmartCard daemon
> gpg: decryption failed: No secret key
$ gpg-connect-agent "SCD GETINFO pid" /bye
> ERR 67108983 No SmartCard daemon <GPG Agent>

Before I loaded Scute in Firefox the very first time,
I used gpgsm the create a x509 cert for the auth subkey (pos. 3) on the Yubikey.
I signed the certificate with another key in gpgsm (also on smartcard).

$ gpgsm --list-secret-keys --with-validation 0x33C90BD1
> [...]
>        Issuer: /CN=Fabian Peter Hammerle/C=AT
>       Subject: /CN=Fabian Peter Hammerle/C=AT
>      validity: 2017-06-02 21:59:08 through 2017-07-02 21:59:08
>      key type: 4096 bit RSA
>     key usage: digitalSignature nonRepudiation
> ext key usage: clientAuth (suggested)
>   fingerprint: 94:F5:1F:46:07:5D:28:68:8A:F3:A6:39:DB:BD:E4:4E:33:C9:0B:D1
>      card s/n: D276000[...]
>   [certificate is good]

Thank you very much for your support!

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: device-manager_yubikey-unplugged.png
Type: image/png
Size: 39290 bytes
Desc: Device Manager with Yubikey unplugged
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: device-manager_yubikey-plugged-in.png
Type: image/png
Size: 33280 bytes
Desc: Device Manager with Yubikey plugged in
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0001.sig>


More information about the Gnupg-users mailing list