scute / firefox: cannot connect to GPG agent
Fabian Peter Hammerle
fabian.hammerle at gmail.com
Mon Jun 5 13:35:27 CEST 2017
> Can you check that after starting Firefox, you still have
> only one GPG-Agent and one Scdaemon running?
Before launching Firefox:
$ ps aux | grep -P '(scdaemon|gpg-agent)'
> fabianp+ 3242 [...] gpg-agent --homedir /home/fabianpeter/.gnupg --use-standard-socket --daemon
> fabianp+ 3518 [...] grep -P (scdaemon|gpg-agent)
> fabianp+ 26815 [...] scdaemon --multi-server
$ gpg-connect-agent "SCD GETINFO pid" /bye
> D 26815
> OK
Strangely enough Firefox does no longer write anything to stdout or stderr.
Unfortunately, I don't know what changed since I received the error
message last time.
$ export GPG_AGENT_INFO=$(gpgconf --list-dir agent-socket):0:1
$ echo $GPG_AGENT_INFO
> /run/user/1000/gnupg/S.gpg-agent:0:1
$ firefox &
> [1] 3616
While Firefox was running no other instances of gpg-agent or scdaemon
were launched:
$ ps aux | grep -P '(scdaemon|gpg-agent)'
> fabianp+ 3242 [...] gpg-agent --homedir /home/fabianpeter/.gnupg --use-standard-socket --daemon
> fabianp+ 3746 [...] grep -P (scdaemon|gpg-agent)
> fabianp+ 26815 [...] scdaemon --multi-server
With the Yubikey unplugged Firefox' Device Manager now shows a menu item
'GnuPG Smart Card Daemon':
Status: Not Present
Description: GnuPG Smart Card Daemon
Manufacturer: g10 Code GmbH
HW Version: 2.1
FW Version: 1.5
When I plug in my Yubikey and re-open the Device Manager most values are empty:
change to:
Status: Not Present
Description: [empty]
Manufacturer: [empty]
HW Version: [empty]
FW Version: [empty]
(Screenshots attached)
While Firefox is running I am not able to access my smartcard with gpg:
$ date | gpg -e | gpg # gpg test
> gpg: encrypted with 4096-bit RSA key, ID CD90DBE8B7C5FE43, created 2016-10-16
> "Fabian Peter Hammerle <fabian at hammerle.me>"
> gpg: public key decryption failed: No SmartCard daemon
> gpg: decryption failed: No secret key
$ gpg-connect-agent "SCD GETINFO pid" /bye
> ERR 67108983 No SmartCard daemon <GPG Agent>
Before I loaded Scute in Firefox the very first time,
I used gpgsm the create a x509 cert for the auth subkey (pos. 3) on the Yubikey.
I signed the certificate with another key in gpgsm (also on smartcard).
$ gpgsm --list-secret-keys --with-validation 0x33C90BD1
> [...]
> Issuer: /CN=Fabian Peter Hammerle/C=AT
> Subject: /CN=Fabian Peter Hammerle/C=AT
> validity: 2017-06-02 21:59:08 through 2017-07-02 21:59:08
> key type: 4096 bit RSA
> key usage: digitalSignature nonRepudiation
> ext key usage: clientAuth (suggested)
> fingerprint: 94:F5:1F:46:07:5D:28:68:8A:F3:A6:39:DB:BD:E4:4E:33:C9:0B:D1
> card s/n: D276000[...]
> [certificate is good]
Thank you very much for your support!
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: device-manager_yubikey-unplugged.png
Type: image/png
Size: 39290 bytes
Desc: Device Manager with Yubikey unplugged
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: device-manager_yubikey-plugged-in.png
Type: image/png
Size: 33280 bytes
Desc: Device Manager with Yubikey plugged in
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170605/02c8a0c5/attachment-0001.sig>
More information about the Gnupg-users
mailing list