gnupg and ssh interaction somehow broken (card reader with pinpad)

Andreas K. Huettel andreas.huettel at ur.de
Wed Mar 17 16:31:29 CET 2021


Am Mittwoch, 17. März 2021, 09:48:58 CET schrieb Werner Koch:
> On Tue, 16 Mar 2021 23:25, Andreas K. Huettel said:
> > 3) then, sign something: pinentry window pops up, pin is not accepted
> > ("wrong beep")
> 
> We need a log from the scdaemon.  

Here's the critical part from the scdaemon log, when signing fails in step 3: 

2021-03-17 16:15:37 scdaemon[4932] DBG: dismiss pinpad entry prompt
2021-03-17 16:15:37 scdaemon[4932] DBG: chan_7 -> INQUIRE DISMISSPINPADPROMPT
2021-03-17 16:15:37 scdaemon[4932] DBG: chan_7 <- END
2021-03-17 16:15:37 scdaemon[4932] Prüfung des CHV1 fehlgeschlagen: Ungültiger 
Wert
2021-03-17 16:15:37 scdaemon[4932] operation sign result: Ungültiger Wert
2021-03-17 16:15:37 scdaemon[4932] app_sign failed: Ungültiger Wert
2021-03-17 16:15:37 scdaemon[4932] DBG: chan_7 -> ERR 100663351 Ungültiger 
Wert <SCD>
2021-03-17 16:15:37 scdaemon[4932] DBG: chan_7 <- RESTART
2021-03-17 16:15:37 scdaemon[4932] DBG: chan_7 -> OK

[Not being familiar with the details, I dont know if I can post the full log 
here or if it contains sensitive data.]

> Which gnupg version are you running?

huettel at kailua ~ $ gpg --version
gpg (GnuPG) 2.2.25
libgcrypt 1.8.6
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/huettel/.gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
           CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2


If I do gpg signing a file first and ssh later, this is the detail when after 
successful signing the ssh command fails:

2021-03-17 16:28:49 scdaemon[26257] DBG: dismiss pinpad entry prompt
2021-03-17 16:28:49 scdaemon[26257] DBG: chan_7 -> INQUIRE DISMISSPINPADPROMPT
2021-03-17 16:28:49 scdaemon[26257] DBG: chan_7 <- END
2021-03-17 16:28:49 scdaemon[26257] Prüfung des CHV2 fehlgeschlagen: 
Ungültiger Wert
2021-03-17 16:28:49 scdaemon[26257] operation auth result: Ungültiger Wert
2021-03-17 16:28:49 scdaemon[26257] app_auth failed: Ungültiger Wert
2021-03-17 16:28:49 scdaemon[26257] DBG: chan_7 -> ERR 100663351 Ungültiger 
Wert <SCD>
2021-03-17 16:28:49 scdaemon[26257] DBG: chan_7 <- RESTART
2021-03-17 16:28:49 scdaemon[26257] DBG: chan_7 -> OK


-- 
PD Dr. Andreas K. Huettel
Institute for Experimental and Applied Physics
University of Regensburg
93040 Regensburg
Germany

tel. +49 151 241 67748 (mobile)
tel. +49 941 943 1618 (office)
e-mail andreas.huettel at ur.de
http://www.akhuettel.de/
http://www.physik.uni-r.de/forschung/huettel/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 981 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210317/9c141eb7/attachment.sig>


More information about the Gnupg-users mailing list