gnupg and ssh interaction somehow broken (card reader with pinpad)
Andreas K. Huettel
dilfridge at gentoo.org
Tue Mar 16 23:25:41 CET 2021
Dear all,
I'd appreciate some advice. I recently returned back from a year abroad to my
trusted hardware, and it seems an upgrade of gpg in the meantime broke things.
Setup:
* OpenPGP card with S, E, A subkeys; using both gnupg and ssh with the card
* SPR532 USB card reader with pinpad
~/.bashrc (after consultation of the list archives):
GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
unset SSH_ASKPASS
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
Symptoms:
1) first, sign something (e.g. detached file signature): works as expected
(pinentry window pops up, pin entered on keypad)
2) then, use ssh with pubkey authentication: pinentry window pops up, pin is
not accepted ("wrong beep")
alternatively (after removing card, unpowering reader, plugging reader and
card back in)
1) gpg --card-status finds the card and starts the agent
2) use ssh with pubkey authentication: pinentry window pops up, pin is
accepted, works
3) then, sign something: pinentry window pops up, pin is not accepted ("wrong
beep")
Here's an excerpt from the debug log:
2021-03-15 19:41:01 gpg-agent[12004] starting a new PIN Entry
2021-03-15 19:41:01 gpg-agent[12004] DBG: connection to PIN entry established
2021-03-15 19:41:01 gpg-agent[12004] DBG: chan_11 -> END
2021-03-15 19:41:05 gpg-agent[12004] DBG: agent_cache_housekeeping
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 <- INQUIRE DISMISSPINPADPROMPT
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 -> END
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 <- ERR 100663351 Invalid value <SCD>
2021-03-15 19:41:06 gpg-agent[12004] smartcard signing failed: Invalid value
Any clue what's happening?
TIA,
Andreas
--
Andreas K. Hüttel
dilfridge at gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)
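
Added example, not part of the original message: a small Python parser for gpg-agent debug lines like the excerpt above, which splits the numeric Assuan ERR value into its libgpg-error source and code and reports the last INQUIRE seen on the same channel. The function names are hypothetical, and the two lookup tables are a small subset of libgpg-error's tables.

```python
import re

# Sample input: the debug excerpt from the message above, with the
# two wrapped lines rejoined.
SAMPLE_LOG = """\
2021-03-15 19:41:01 gpg-agent[12004] starting a new PIN Entry
2021-03-15 19:41:01 gpg-agent[12004] DBG: connection to PIN entry established
2021-03-15 19:41:01 gpg-agent[12004] DBG: chan_11 -> END
2021-03-15 19:41:05 gpg-agent[12004] DBG: agent_cache_housekeeping
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 <- INQUIRE DISMISSPINPADPROMPT
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 -> END
2021-03-15 19:41:06 gpg-agent[12004] DBG: chan_11 <- ERR 100663351 Invalid value <SCD>
2021-03-15 19:41:06 gpg-agent[12004] smartcard signing failed: Invalid value
"""

# Subset of libgpg-error's source and code tables, enough for this excerpt.
SOURCES = {4: "gpg-agent", 5: "pinentry", 6: "scdaemon"}
CODES = {55: "GPG_ERR_INV_VALUE", 87: "GPG_ERR_BAD_PIN", 99: "GPG_ERR_CANCELED"}

LINE = re.compile(r"^(\S+ \S+) gpg-agent\[\d+\] DBG: (chan_\d+) (<-|->) (\S+) ?(.*)$")

def decode_gpg_error(value):
    """Split a libgpg-error value: bits 24-30 are the source, bits 0-15 the code."""
    return (value >> 24) & 0x7F, value & 0xFFFF

def assuan_errors(log_text):
    """Return one record per ERR line received by the agent, with the last
    INQUIRE seen on the same channel as context."""
    last_inquire, found = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) != "<-":
            continue  # not a channel line, or a line the agent sent
        stamp, chan, _, verb, rest = m.groups()
        if verb == "INQUIRE":
            last_inquire[chan] = rest
        elif verb == "ERR":
            number, _, text = rest.partition(" ")
            source, code = decode_gpg_error(int(number))
            found.append({
                "time": stamp, "channel": chan, "text": text,
                "source": SOURCES.get(source, f"source {source}"),
                "code": CODES.get(code, f"code {code}"),
                "after_inquire": last_inquire.get(chan),
            })
    return found

if __name__ == "__main__":
    for record in assuan_errors(SAMPLE_LOG):
        print(record)
```

For the excerpt, the value 100663351 decodes to source 6 (scdaemon) and code 55 (GPG_ERR_INV_VALUE), which agrees with the `<SCD>` tag and the "Invalid value" text in the log.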