gnupg SmartCard V3.3

Thomas Jarosch thomas.jarosch at intra2net.com
Wed Feb 28 15:54:16 CET 2018


Hello Klaus,

On Tuesday, 27 February 2018 01:04:27 CET Klaus Römer wrote:
> I bought two V3.3 cards, but can't get them to work …
> the keytocard command does not move the key but copies it and further on the
> gpg2 --card-status -> fetch followed by gpg2 --card-status does not create
> the stub keys, so gpg2 --list-secret-keys does not show any keys ... I have
> the same (rsa4096) sub-key loaded to each slot 1,2,3 eg SEA and card-status
> does show them … gpg2 --version is 2.1.11
> 
> 
> I did further tests by calling gpg2 --card-edit -> generate with keylength
> 2048 and 4096 which fail with „card-error“
> 
> Tried gpg (GnuPG/MacGPG2) 2.2.3
> on a completely different machine (mac)
> 
> Tried the other card (I bought two with consecutive serial numbers)
> 
> Tried three different card readers:
> - Cherry GmbH SmartBoard XX44
> - KOBIL EMV CAP - SecOVID Reader III
> - Alcor Micro AU9540 00 00
> 
> Can anybody help?

I just tested an openpgp card V3.3 with a Cherry ST-2000 card reader
and a Reiner cyberJack Go. It successfully created keys on the card
and after a "factory-reset" command it also moved an existing key
to the card just fine. Signing and decryption worked, too.

Same thing with a V2.1 openpgp card.

All tests have been done on a Fedora 27 live USB stick
using gnupg 2.2.4.

Maybe try on a non-Mac computer to see if this is the issue?


If you want to give the Fedora 27 live CD a try, it might be good
to update the included gnupg 2.2.0 to 2.2.4 before starting:

  dnf update -y gnupg2 libassuan libgcrypt libgpg-error


Optionally: If you want "paperbackup" on the live system:

  dnf install -y git python3 python3-pillow PyX python3-qrencode enscript ghostscript zbar
  git clone https://github.com/intra2net/paperbackup.git

  See https://github.com/intra2net/paperbackup


With the Fedora live CD, all operations are done on a ramdisk.
Just remember to unplug the network cable once
you start the key generation process :)

HTH,
Thomas

--
Don't send emails here: jefferson at intra2net.com





