Multiple Yubikeys/Smartcards and Thunderbird email client
Brandon Anderson
brandon753.ba at gmail.com
Sun Jul 18 23:40:55 CEST 2021
>>> On 15 Jul 2021, at 12:54, john doe via Gnupg-users
>>> <gnupg-users at gnupg.org> wrote:
>>>
>>> Is this still relevant with the built-in gpg stuff of TB?
>> Very much so. Thunderbird’s native Open PGP support is quite basic,
>> and anything to do with smartcards still has to be delegated to an
>> external gnupg process.
>>
>> A
>
>
> Another weird behavior I am just now noticing, and maybe it is
> related. When I insert the Yubikey that Thunderbird wants, and type
> into the terminal `gpg --card-status`, it outputs as expected. The
> same thing occurs if I insert my GPG smartcard v2.1. However, my
> primary Yubikey 5 Nano, which is usually on my desktop and the one I
> want Thunderbird to play nice with when inserted and `gpg
> --card-status` is run outputs:
>
>
> ➜ yubikeyLockPassword gpg --card-status
> gpg: selecting card failed: End of file
> gpg: OpenPGP card not available: End of file
>
> The first time and then when you rerun `gpg --card-status`, it outputs
> the proper and expected result every time. However, this is repeatable
> as every time I remove and reinsert this particular Yubikey, the first
> card-status call fails, all later ones succeed. I wonder if this odd
> behavior is what's causing Thunderbird to ignore this one Yubikey.
>
> Sincerely,
>
> Brandon Anderson
>
So, following up on this email, I went to sign some git commits, and the
same issue that I reported happening on Thunderbird happened with my git
commits. The issue is similar to what is reported here three years ago
https://stackoverflow.com/questions/46330629/signing-commits-in-git-uses-wrong-subkey
where only the most recent signature key is attempted even if the system
has a smartcard or private key to an alternative valid signing key. I
have deleted the subkeys for the non-primary smartcards on my desktop,
and while it works, it is less than the desired solution, as I cannot
insert other smartcards for signing and may want to verify in gpg those
subkeys' signatures. Any insight would be greatly appreciated.
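
Added example, not part of the original message: GnuPG lets a key specification end in `!` to force exactly that (sub)key, so one way to sign with whichever card is inserted without deleting the other subkeys is to look up the signing subkey whose stub points at that card. The sketch below parses `gpg --list-secret-keys --with-colons` output (field 12 = capabilities, field 15 = token serial number). The listing, key IDs and card serials are constructed, the function names are hypothetical, and it assumes the card serial is passed in the same form as field 15.

```python
# Added example: map signing subkeys to the smartcards that hold them.
# SAMPLE is constructed; key IDs and card serial numbers are made up.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAA1:1500000000:::u:::cC:::#:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBB2:1500000100::::::s:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCC3:1500000200::::::e:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDD4:1600000000::::::s:::D2760001240103040006000000020000:::23:
ssb:r:4096:1:EEEEEEEEEEEEEEE5:1610000000::::::s:::D2760001240103040006000000030000:::23:
"""


def signing_keys(listing):
    """Return [(created, keyid, token)] for usable signing (sub)keys."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        validity, keyid, created, caps, token = f[1], f[4], f[5], f[11], f[14]
        # Lowercase "s" means this key itself can sign; skip keys marked
        # revoked, expired, disabled or invalid.
        if "s" not in caps or validity in ("r", "e", "d", "i"):
            continue
        keys.append((int(created), keyid, token))
    return keys


def newest_signer(listing):
    """The subkey the message describes being tried: the newest one."""
    return max(signing_keys(listing))[1]


def signer_on_card(listing, card_serial):
    """Key spec pinned (with '!') to the subkey on this card, or None."""
    for _, keyid, token in sorted(signing_keys(listing), reverse=True):
        if token == card_serial:
            return keyid + "!"
    return None


if __name__ == "__main__":
    inserted = "D2760001240102010006000000010000"  # constructed serial
    print("newest signing subkey:", newest_signer(SAMPLE))
    spec = signer_on_card(SAMPLE, inserted)
    if spec:
        print(f"git config user.signingkey '{spec}'")
```

The resulting value can be given to `git config user.signingkey` or to `gpg -u`; the subkeys for the other cards stay in the keyring, so their signatures can still be verified.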