From ipstream at onionmail.org  Fri Sep  1 09:34:09 2023
From: ipstream at onionmail.org (isp_stream)
Date: Fri, 01 Sep 2023 07:34:09 +0000
Subject: Gentoo's Portage: Best ways to keep binary package signing
 key unlocked?
In-Reply-To: <871qfjgtzy.fsf@jacob.g10code.de>
References: <871qfjgtzy.fsf@jacob.g10code.de>
 <ea18f3ca-97ad-4ba4-b0ff-dade75bf95a0@gentoo.org>
Message-ID: <f5262b2b-ecb2-427b-5239-0bbe14af9055@onionmail.org>

Thank you sir. You are much to kind.



> On Thursday, 31. August 2023 14:35, Werner Koch via Gnupg-users
> [/webmail/send?to=gnupg-users at gnupg.org] wrote:
> 
> 
> 
> On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:
> 
> > Signing /dev/null feels like more of a hack then an actual solution to
> > keeping the key unlocked until portage finishes. Therefore I would
> > like to ask you if you have any better ideas to do this?
> 
> Don't use a passphrase or better use remote signing from your desktop
> and not on a server. See wiki.gnupg.org on how to use a remobe
> gpg-agent.
> 
> Another option is to use gpg-preset-passphrase (installed to
> libexec). Use
> 
> gpg -K --with-keygrip YOURSIGNINGKEY
> 
> to find the keygrip; then use
> 
> gpg-preset-passphrase --preset KEYGRIP
> 
> and enter the passphrase followed by a LF (or provide to stdin). This
> puts the passphrase into gpg-agent's cache with no timeout. The --forget
> option might not work right now, thus you better use
> 
> gpgconf --reload gpg-agent
> 
> to flush gpg-agent's cache.
> 
> Salam-Shalom,
> 
> Werner
> 
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230901/58cd9562/attachment.html>

From Alexander at Leidinger.net  Mon Sep  4 19:45:11 2023
From: Alexander at Leidinger.net (Alexander Leidinger)
Date: Mon, 04 Sep 2023 19:45:11 +0200
Subject: Failed to export secret key
Message-ID: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>

Hi,

gpg 2.4.3 complains about not being able to export my key. The issue is 
it can not query the secring password from my ssh session. How to debug 
this further?

This is what I have:
---snip---
% LANG=C gpg --export-secret-key -a -o netchild_sec.pgp 8F31830F9F2772BF
gpg: Warning: using insecure memory!
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key 
from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported


% LANG=C gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/netchild/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
         CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

  % LANG=C gpg --list-secret-key 8F31830F9F2772BF
gpg: Warning: using insecure memory!
sec   rsa4096 2016-08-16 [SC] [expires: 2024-02-08]
       034055A31F550AD032E2F6D78F31830F9F2772BF
uid           [ultimate] Alexander Leidinger <Alexander at Leidinger.net>
uid           [ultimate] Alexander Leidinger <netchild at FreeBSD.org>
uid           [ultimate] [jpeg image of size 9696]
ssb   rsa4096 2018-10-07 [E] [expires: 2024-02-08]
ssb   rsa4096 2018-10-07 [S] [expires: 2024-02-08]
ssb   rsa4096 2018-10-07 [S] [expires: 2024-02-08]

% cat .gnupg/gpg-agent.conf
#pinentry-program /usr/local/bin/pinentry-tty
log-file /tmp/gpgagent.log
disable-scdaemon

% cat .gnupg/options | grep -v "^#"

no-greeting

default-key 0x8F31830F9F2772BF

escape-from-lines

charset utf-8

lock-once

keyserver hkp://keys.openpgp.org

ask-cert-level
default-cert-level 2
import-options import-clean-sigs import-clean-uids
export-options export-clean-sigs export-clean-uids
keyserver-options no-include-revoked import-clean-sigs import-clean-uids 
export-clean-sigs export-clean-uids

fixed-list-mode
keyid-format 0xlong
with-fingerprint
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES 
CAST5 BZIP2 ZLIB ZIP Uncompressed
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr at notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512

% cat /tmp/gpgagent.log
2023-09-04 19:23:46 gpg-agent[88711] gpg-agent (GnuPG) 2.4.3 started
2023-09-04 19:24:14 gpg-agent[88711] failed to unprotect the secret key: 
Verarbeitung wurde abgebrochen
2023-09-04 19:24:14 gpg-agent[88711] command 'EXPORT_KEY' failed: 
Verarbeitung wurde abgebrochen <Pinentry>
2023-09-04 19:24:43 gpg-agent[88711] failed to unprotect the secret key: 
Verarbeitung wurde abgebrochen
2023-09-04 19:24:43 gpg-agent[88711] command 'EXPORT_KEY' failed: 
Verarbeitung wurde abgebrochen <Pinentry>

  % ll /usr/local/bin/pinentry*
lrwxr-xr-x  1 root wheel   12B 31 Aug. 08:20 /usr/local/bin/pinentry@ -> 
pinentry-tty
-r-xr-xr-x  1 root wheel   71K  1 Sep. 00:13 
/usr/local/bin/pinentry-curses*
-r-xr-xr-x  1 root wheel   61K 31 Aug. 03:00 
/usr/local/bin/pinentry-tty*

% tty
/dev/pts/2

  % echo $GPG_TTY
/dev/pts/2
---snip---

If I specify --pinentry-mode loopback it works. Shouldn't this also work 
without this option? If yes, what's wrong or how to debug this further?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230904/da7b3671/attachment.sig>

From wk at gnupg.org  Tue Sep  5 16:50:30 2023
From: wk at gnupg.org (Werner Koch)
Date: Tue, 05 Sep 2023 16:50:30 +0200
Subject: Failed to export secret key
In-Reply-To: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net> (Alexander
 Leidinger via Gnupg-users's message of "Mon, 04 Sep 2023 19:45:11
 +0200")
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
Message-ID: <87fs3seksp.fsf@jacob.g10code.de>

On Mon,  4 Sep 2023 19:45, Alexander Leidinger said:

> If I specify --pinentry-mode loopback it works. Shouldn't this also
> work without this option? If yes, what's wrong or how to debug this

Sure, this shall work.  You may want to add

--8<---------------cut here---------------start------------->8---
debug ipc
debug-pinentry
log-file /some/file
--8<---------------cut here---------------end--------------->8---

to gpg-agent.conf, restart  the agent and check the log file.

Reminder: In case of any problems, please try invoking gpg with
--verbose (or -v).  You will see more diagnostics.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230905/9b437326/attachment.sig>

From ipstream at onionmail.org  Thu Sep  7 20:03:28 2023
From: ipstream at onionmail.org (isp_stream)
Date: Thu, 07 Sep 2023 18:03:28 +0000
Subject: gpg: signing failed: No secret key
Message-ID: <268a77d8-45c3-5219-9571-6ee1a989cd34@onionmail.org>

I get these endearing messages.

I cannot sign my message with the key.


I cannot delete the secret key.

I can decrypt with the secret key





gpg: signing failed: No secret key
gpg: message: clear-sign failed: No secret key

gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not found
gpg: 6O0PDA84A36B6C98B261AC2020546703CDADFA53: delete key failed: Not found

sec# nistp521 2023-08-11 [SC]

6O0PDA84A36B6C98B261AC2020546703CDADFA53
uid [ unknown] Richardh Bostrom <bostrom.richardh at proton.me>
ssb nistp521 2023-08-11 [E]

gpg --delete-secret-keys CDSXFA53
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


gpg: key "CDSXFA53" not found
gpg: CDSXFA53: delete key failed: Not found




Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230907/18c6076b/attachment.html>

From rjh at sixdemonbag.org  Thu Sep  7 20:42:32 2023
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 7 Sep 2023 14:42:32 -0400
Subject: gpg: signing failed: No secret key
In-Reply-To: <268a77d8-45c3-5219-9571-6ee1a989cd34@onionmail.org>
References: <268a77d8-45c3-5219-9571-6ee1a989cd34@onionmail.org>
Message-ID: <4546d9c7-b7d4-ae4b-f7ab-2e9d8c436db7@sixdemonbag.org>

Please don't send HTML to this list.

> gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not found

That's not a valid key ID.  Key IDs are strings of hexadecimal digits. 
Your second 'digit' there is the letter O, which is not a valid hexit.

> gpg --delete-secret-keys CDSXFA53

That's not a valid key ID.  Neither S nor X are valid hexits.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230907/5f70ffb4/attachment.sig>

From Alexander at Leidinger.net  Fri Sep  8 13:49:28 2023
From: Alexander at Leidinger.net (Alexander Leidinger)
Date: Fri, 08 Sep 2023 13:49:28 +0200
Subject: Failed to export secret key
In-Reply-To: <87fs3seksp.fsf@jacob.g10code.de>
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <87fs3seksp.fsf@jacob.g10code.de>
Message-ID: <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net>

Am 2023-09-05 16:50, schrieb Werner Koch:
> On Mon,  4 Sep 2023 19:45, Alexander Leidinger said:
> 
>> If I specify --pinentry-mode loopback it works. Shouldn't this also
>> work without this option? If yes, what's wrong or how to debug this
> 
> Sure, this shall work.  You may want to add
> 
> --8<---------------cut here---------------start------------->8---
> debug ipc
> debug-pinentry
> log-file /some/file
> --8<---------------cut here---------------end--------------->8---
> 
> to gpg-agent.conf, restart  the agent and check the log file.

The debug log:
---snip---
2023-09-08 13:37:48 gpg-agent[94276] listening on socket 
'/home/netchild/.gnupg/S.gpg-agent'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket 
'/home/netchild/.gnupg/S.gpg-agent.extra'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket 
'/home/netchild/.gnupg/S.gpg-agent.browser'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket 
'/home/netchild/.gnupg/S.gpg-agent.ssh'
2023-09-08 13:37:48 gpg-agent[94491] gpg-agent (GnuPG) 2.4.3 started
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK Pleased to meet 
you
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- RESET
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION 
ttyname=/dev/pts/5
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION 
ttytype=tmux-256color
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION lc-ctype=C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION lc-messages=C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- GETINFO version
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> D 2.4.3
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION 
allow-pinentry-notify
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION 
agent-awareness=2.1.0
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- KEYWRAP_KEY --export
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> [[Confidential data 
not shown]]
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- HAVEKEY --list=1000
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> [ 44 20 2a 2b f8 18 
37 63 7b b2 14 a3 34 4a 2a 5f ...(66 byte(s) skipped) ]
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- KEYINFO 
89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> S KEYINFO 
89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C D - - - P - - -
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK2023-09-08 
13:37:48 gpg-agent[94491] DBG: chan_8 <- SETKEYDESC 
Please+enter+the+passphrase+to+export+the+OpenPGP+secret+key:%0A%22Alexander+Leidinger+<Alexander at Leidinger.net>%22%0A4096-bit+RSA+key,+ID+8F31830F9F2772BF,%0Acreated+2016-08-16.%0A
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- EXPORT_KEY --openpgp 
  89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C
2023-09-08 13:37:48 gpg-agent[94491] starting a new PIN Entry
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK Pleased to meet 
you, process 94491
2023-09-08 13:37:53 gpg-agent[94491] DBG: connection to PIN entry 
established
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION no-grab
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
ttyname=/dev/pts/5
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
ttytype=tmux-256color
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION lc-ctype=C
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION lc-messages=C
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
allow-external-password-cache
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-ok=_OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-cancel=_Cancel
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-yes=_Yes
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254 Unknown 
option <Pinentry>
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-no=_No
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254 Unknown 
option <Pinentry>
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-prompt=PIN:
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-pwmngr=_Save in password manager
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-cf-visi=Do you really want to make your passphrase visible on 
the screen?
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-tt-visi=Make passphrase visible
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-tt-hide=Hide passphrase
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
default-capshint=Caps Lock is on
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION 
touch-file=/home/netchild/.gnupg/S.gpg-agent
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO flavor
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D tty
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO version
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D 1.2.1
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO ttyinfo
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D /dev/pts/5 
tmux-256color - ? 1001/1001 0
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO pid
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D 94492
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_8 -> INQUIRE 
PINENTRY_LAUNCHED 94492 tty 1.2.1 /dev/pts/5 tmux-256color - ? 1001/1001 
0
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_8 <- END
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETKEYINFO --clear
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETDESC Please enter 
the passphrase to export the OpenPGP secret key:%0A%22Alexander 
Leidinger <Alexander at Leidinger.net>%22%0A4096-bit RSA key, ID 
8F31830F9F2772BF,%0Acreated 2016-08-16.%0A
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETPROMPT 
Passphrase:
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> [[Confidential data 
not shown]]
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- [[Confidential data 
not shown]]
2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry: 
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_9 -> BYE
2023-09-08 13:37:54 gpg-agent[94491] failed to unprotect the secret key: 
Operation cancelled
2023-09-08 13:37:54 gpg-agent[94491] command 'EXPORT_KEY' failed: 
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_8 -> ERR 83886179 
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_8 <- [eof]
---snip---

No idea where the "ERR 83886254 Unknown option <Pinentry>" is coming 
from, I don't have "Pinentry" in any options file.

> Reminder: In case of any problems, please try invoking gpg with
> --verbose (or -v).  You will see more diagnostics.

The verbose output (which doesn't reveal anything new):
---snip---
gpg: enabled compatibility flags:
gpg: writing to 'netchild_sec.pgp'
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for the 
secret parts
gpg: Note: signature key 0439FFA68121245E expired 2021-06-16 14:41:02
gpg: Note: signature key AAF1421A85208084 expired 2021-06-16 14:40:46
gpg: pinentry launched (15243 tty 1.2.1 /dev/pts/5 tmux-256color - ? 
1001/1001 0)
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key 
from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported
---snip---

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230908/7bc10f97/attachment-0001.sig>

From Alexander at Leidinger.net  Fri Sep  8 15:40:43 2023
From: Alexander at Leidinger.net (Alexander Leidinger)
Date: Fri, 08 Sep 2023 15:40:43 +0200
Subject: Failed to export secret key
In-Reply-To: <874jk46bkl.fsf@jacob.g10code.de>
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <87fs3seksp.fsf@jacob.g10code.de>
 <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net>
 <874jk46bkl.fsf@jacob.g10code.de>
Message-ID: <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net>

Am 2023-09-08 15:26, schrieb Werner Koch:
> On Fri,  8 Sep 2023 13:49, Alexander Leidinger said:

>> 2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
>> Operation cancelled <Pinentry>
> 
> You clicked on CANCEL or closed the window.

No prompt at all in the console / ssh connection (and no graphics, so 
nothing to click on). So no manual cancelling from me.

>> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for
>> the secret parts
> [...]
>> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
>> from agent: Operation cancelled - skipped
> 
> You canceled, gpg-agent could not unprotect the key and and thus you 
> get
> the error code.
> 
> Given that you said it worked in loopback mode - I assume the pinentry
> is broken and returns Cancel due to other reasons.  Did you
> 
> GPG=$(tty)
> export GPG_TTY

% echo $GPG_TTY
/dev/pts/5

> in your target's bashrc etc?  The simple tty pinentry is used and it
> needs to know its tty - is /dev/pts/5 the correct one?  Try running

Yes it is:
% tty
/dev/pts/5

And there is no other one (this is a FreeBSD jail):
% ll /dev/pts
total 0
crw--w----  1 netchild tty 0x190  8 Sep. 15:36 5

> pinentry on the target directly:
> 
> $ pinentry
> getpin
> 
> should show the prompt.  Does it - if not, strace the process etc.

I only have two pinentry binaries installed, both are not for a 
graphical environment:

% ll /usr/local/bin/pinentry*
lrwxr-xr-x  1 root wheel   12B 31 Aug. 08:20 /usr/local/bin/pinentry@ -> 
pinentry-tty
-r-xr-xr-x  1 root wheel   71K  1 Sep. 00:13 
/usr/local/bin/pinentry-curses*
-r-xr-xr-x  1 root wheel   61K 31 Aug. 03:00 
/usr/local/bin/pinentry-tty*

% pinentry
Warning: using insecure memory!
OK Pleased to meet you
getpin
pinentry-tty
PIN:
D asdf
OK
bye
OK closing connection

% pinentry-curses
Warning: using insecure memory!
OK Pleased to meet you
getpin
<courses dialog popped up in the ssh connection>
D asdf
OK
bye
OK closing connection

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230908/10b4b7f6/attachment.sig>

From wk at gnupg.org  Fri Sep  8 15:26:02 2023
From: wk at gnupg.org (Werner Koch)
Date: Fri, 08 Sep 2023 15:26:02 +0200
Subject: Failed to export secret key
In-Reply-To: <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net> (Alexander
 Leidinger via Gnupg-users's message of "Fri, 08 Sep 2023 13:49:28
 +0200")
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <87fs3seksp.fsf@jacob.g10code.de>
 <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net>
Message-ID: <874jk46bkl.fsf@jacob.g10code.de>

On Fri,  8 Sep 2023 13:49, Alexander Leidinger said:

> default-yes=_Yes
> 2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254
> Unknown option <Pinentry>

Don't care about this error.  It is shown but ignored.  Future
Pinentries might want to implement a yes button and gpg provides the
translation here.


> 2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
> Operation cancelled <Pinentry>

You clicked on CANCEL or closed the window.

> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for
> the secret parts
[...]
> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
> from agent: Operation cancelled - skipped

You canceled, gpg-agent could not unprotect the key and and thus you get
the error code.

Given that you said it worked in loopback mode - I assume the pinentry
is broken and returns Cancel due to other reasons.  Did you

GPG=$(tty)
export GPG_TTY

in your target's bashrc etc?  The simple tty pinentry is used and it
needs to know its tty - is /dev/pts/5 the correct one?  Try running
pinentry on the target directly:

$ pinentry
getpin

should show the prompt.  Does it - if not, strace the process etc.



Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230908/65d1931d/attachment.sig>

From joz.9 at yahoo.com  Fri Sep  8 22:33:33 2023
From: joz.9 at yahoo.com (Jozsef K.)
Date: Fri, 8 Sep 2023 22:33:33 +0200
Subject: All CPU threads
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
Message-ID: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>

Hi!

Anyone knows if there is a way to use all CPU threads with 
*gnupg-desktop-2.4.3.0-x86_64.AppImage*??

Best,

JK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230908/af1444ca/attachment.html>

From rjh at sixdemonbag.org  Sun Sep 10 01:21:38 2023
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 9 Sep 2023 19:21:38 -0400
Subject: All CPU threads
In-Reply-To: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
Message-ID: <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>

Please do not send HTML to this list.  Many of the people you very much 
hope to read your questions will not read HTML email.

> Anyone knows if there is a way to use all CPU threads with 
> *gnupg-desktop-2.4.3.0-x86_64.AppImage*??

What exactly are you hoping to speed up?  The classic mode of encryption 
used in RFC2440 and RFC4880 is a hacked-up cipher feedback mode, which 
is not parallelizable and doesn't benefit from using multiple threads. 
You can of course use multiple threads, but you won't get any benefit.

So my question is, what exactly is it that you need to speed up?  Once 
we know that, we'll be able to give suggestions for how you might proceed.


From joz.9 at yahoo.com  Sun Sep 10 01:33:13 2023
From: joz.9 at yahoo.com (Jozsef K.)
Date: Sun, 10 Sep 2023 01:33:13 +0200
Subject: All CPU threads
In-Reply-To: <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
 <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
Message-ID: <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>

On 9/10/23 01:21, Robert J. Hansen via Gnupg-users wrote:
> Please do not send HTML to this list.? Many of the people you very 
> much hope to read your questions will not read HTML email.
>
>> Anyone knows if there is a way to use all CPU threads with 
>> *gnupg-desktop-2.4.3.0-x86_64.AppImage*??
>
> What exactly are you hoping to speed up?? The classic mode of 
> encryption used in RFC2440 and RFC4880 is a hacked-up cipher feedback 
> mode, which is not parallelizable and doesn't benefit from using 
> multiple threads. You can of course use multiple threads, but you 
> won't get any benefit.
>
> So my question is, what exactly is it that you need to speed up? Once 
> we know that, we'll be able to give suggestions for how you might 
> proceed.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users

Thank you for reply. I was thinking about?speeding up the encryption 
process. But if that's not possible then that's how it is.

Is this message now plain text only?


Best,

Jozsef K.




From rjh at sixdemonbag.org  Sun Sep 10 04:07:04 2023
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 9 Sep 2023 22:07:04 -0400
Subject: All CPU threads
In-Reply-To: <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
 <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
 <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>
Message-ID: <22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org>

> Thank you for reply. I was thinking about?speeding up the encryption 
> process. But if that's not possible then that's how it is.

Thank you for sending a plain-text email to the list!  :)

The answer is a little complicated, but this should be an 
accurate-enough explanation.

Encryption speed is dominated by disk speed first and foremost.  If 
you're encrypting a 1Mb file, you have to read in the file and write it 
out again when you're done: your absolute minimum time is given by 
however long it takes to read and write a 1Mb file.

This is unfortunate, because disk I/O is *slow*.  Even SSDs, which are 
about ten to twenty times as fast as older spinning metal platter hard 
drives, can't completely bridge this gap.  So at the end of the day, 
your bottleneck for encryption is going to be disk I/O.

There are various games people play, like keeping an in-memory 
filesystem.  If you're doing that, then we can look at other places for 
speed improvement.  Remember, as you read what follows: we're doing all 
of these weird things to improve things by a very tiny bit -- the 
bottleneck is in disk I/O!

=====

Encryption generates a random session key and encrypts that with your 
recipient's public key.  Here's your next problem: there are *so many* 
algorithms GnuPG supports, and there isn't a single effective 
parallelization strategy for all of them.  Take RSA as an example: the 
expensive part of the encryption operation is P = C^e (mod n), or as 
normal humans call it, "modular exponentiation".

I've got an IEEE paper on my desk (by Budikafa and Pulungan) dating from 
2017 that says you can parallelize modular exponentiation to get up to a 
28% speed improvement.  That's really nice!  The problem is the phrase 
"up to" a 28% speed improvement, and the fact that only RSA uses modular 
exponentiation, so if your correspondent is using ECC you're kind of out 
of luck.

So, when it comes to the asymmetric part of the encryption: a sequential 
version takes a couple of milliseconds, and best-case scenario by 
throwing multiple threads at it you can save 28% on two milliseconds. 
This is not a big enough win to justify the multithreading.

Once you've encrypted the random session key for each recipient, now you 
have to process the file 16 bytes at a time.  For each block after the 
first, the result of the last block's encryption is an input to the 
current block's encryption.  Block 0 (which is the first -- remember, 
computer scientists are weird, we start counting at zero) doesn't depend 
on anything; block 1 depends on having the output of block 0; block 2 
depends on having the output of block 1; and so on.  Even if you were to 
spin up one thread per block you'd still get no speed improvement. 
You'd be encrypting sequentially, one block at a time until you were 
complete.  Multi-threading is thus theoretically possible, but offers no 
advantages.

(Note that Phil Rogaway kind of disagrees with me: he characterizes 
parallelizing cipher feedback modes as possible "but awkward".  When 
Phil Rogaway, one of the sharpest cryptographers in the world, describes 
an optimization as "awkward", I very quietly turn around and start 
moving in the opposite direction.  Clearly I am in over my head and I 
need to escape.)

https://web.cs.ucdavis.edu/~rogaway/papers/modes.pdf -- search for the 
words "but awkward".

Etcetera, etcetera.  Speeding up encryption operations with multiple 
threads is a *deeply* challenging cryptographic engineering problem, and 
for the vast majority of users isn't worth it.  The easy wins (28% cost 
savings on RSA encryption!  Whee, almost half a millisecond!) are too 
trivial, and the big wins are somewhere between "Rogaway says it's 
awkward" and "Rogaway says it's impossible".

That said, the next RFC draft -- when it comes out -- will be offering 
new encryption modes that may offer better parallelization performance. 
I'm sure that if and when the next RFC is officially released, there 
will be interest in getting parallelization support for them.


From carstengrohmann at gmx.de  Sun Sep 10 20:56:44 2023
From: carstengrohmann at gmx.de (Carsten Grohmann)
Date: Sun, 10 Sep 2023 20:56:44 +0200
Subject: gpg --card-edit cuts secret keys
Message-ID: <20230910205644.1b7cf175@max.localdomain>

Hi,

I've a public key with two subkeys. I transferred one of the subkeys (0x6F5B8616ACB0354B) to a YubiKey 5 NFC and then restored my ~/.gnupg directory.

After that, every time I call "gpg --card-edit", the subkey previously transferred to the Yubikey is truncated without warning. This is an infinite loop. If I restore the ~/.gnupg directory from a backup and run "gpg --card-edit", the key is shortened again.


Initial setup
=============

#  LANG=C gpg --version
gpg (GnuPG) 2.2.41
libgcrypt 1.10.2-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/carsten/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


# LANG=C gpg --list-secret-keys --with-keygrip 0x033AA0B393AFAE6C
sec   rsa4096/0x033AA0B393AFAE6C 2013-10-16 [SC] [expires: 2028-09-02]
      D17696EEDCFEC2038171D953033AA0B393AFAE6C
      Keygrip = AB143A7B31FBB715329D5083B317D1581B591975
uid                   [ultimate] Carsten Grohmann <carstengrohmann at gmx.de>
uid                   [ultimate] Carsten Grohmann <carsten at grohmann-online.de>
uid                   [ultimate] Carsten Grohmann <mail at carstengrohmann.de>
ssb   rsa4096/0x6F5B8616ACB0354B 2013-10-16 [E] [expires: 2028-09-02]
      Keygrip = 541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8
ssb   rsa4096/0x468E025260DD710F 2023-09-04 [S] [expires: 2028-09-02]
      Keygrip = AA95FFE1C4A1522B819ED8AF89E9390B61D49F68

# ll ~/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key
-rw------- 1 carsten carsten 2055  5. Feb 2015  /home/carsten/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key


Executing "gpg --card-edit"
===========================

# LANG=C gpg --card-edit

Reader ...........: <deleted>
Application ID ...: <deleted>
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: <deleted>
Name of cardholder: Carsten Grohmann
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://carstengrohmann.de/download/carstengrohmann.pub
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: DD36 8F14 0651 75DE B159  3980 6F5B 8616 ACB0 354B
      created ....: 2013-10-16 19:39:54
Authentication key: [none]
General key info..:
sub  rsa4096/0x6F5B8616ACB0354B 2013-10-16 Carsten Grohmann <carstengrohmann at gmx.de>
sec   rsa4096/0x033AA0B393AFAE6C  created: 2013-10-16  expires: 2028-09-02
ssb>  rsa4096/0x6F5B8616ACB0354B  created: 2013-10-16  expires: 2028-09-02
                                  card-no: 0006 18031866
ssb   rsa4096/0x468E025260DD710F  created: 2023-09-04  expires: 2028-09-02



Check the result - key is truncated
===================================

# LANG=C gpg --list-secret-keys --with-keygrip 0x033AA0B393AFAE6C
sec   rsa4096/0x033AA0B393AFAE6C 2013-10-16 [SC] [expires: 2028-09-02]
      D17696EEDCFEC2038171D953033AA0B393AFAE6C
      Keygrip = AB143A7B31FBB715329D5083B317D1581B591975
uid                   [ultimate] Carsten Grohmann <carstengrohmann at gmx.de>
uid                   [ultimate] Carsten Grohmann <carsten at grohmann-online.de>
uid                   [ultimate] Carsten Grohmann <mail at carstengrohmann.de>
ssb>  rsa4096/0x6F5B8616ACB0354B 2013-10-16 [E] [expires: 2028-09-02]
      Keygrip = 541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8
ssb   rsa4096/0x468E025260DD710F 2023-09-04 [S] [expires: 2028-09-02]
      Keygrip = AA95FFE1C4A1522B819ED8AF89E9390B61D49F68

# ll ~/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key
-rw------- 1 carsten carsten 1237 10. Sep 20:48 /home/carsten/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key


Is this an expected behaviour? Can I control it?

Regards,
Carsten


From wk at gnupg.org  Mon Sep 11 09:40:25 2023
From: wk at gnupg.org (Werner Koch)
Date: Mon, 11 Sep 2023 09:40:25 +0200
Subject: All CPU threads
In-Reply-To: <22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org> (Robert
 J. Hansen via Gnupg-users's message of "Sat, 9 Sep 2023 22:07:04
 -0400")
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
 <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
 <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>
 <22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org>
Message-ID: <87o7i940pi.fsf@jacob.g10code.de>

Hi!

Thanks Rob for your comments.  Here are some additional points:

On Sat,  9 Sep 2023 22:07, Robert J. Hansen said:
> and for the vast majority of users isn't worth it.  The easy wins (28%
> cost savings on RSA encryption!  Whee, almost half a millisecond!) are

The blinding we use for RSA (to mitigate side-channel attacks) should be
in the same range as these wins.  I bet that by adding threads to the
computation you will open another can of side-channel attacks.

> performance. I'm sure that if and when the next RFC is officially
> released, there will be interest in getting parallelization support

OCB mode is already used and deployed for years.  With a decent
Libgcrypt (1.10) I get these figures for the old (CFB) and the new mode
(OCB)

 AES256         |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        CFB enc |     0.691 ns/B      1379 MiB/s      5.14 c/B      7440?1
        CFB dec |     0.064 ns/B     14959 MiB/s     0.470 c/B      7372?2

        OCB enc |     0.070 ns/B     13547 MiB/s     0.522 c/B      7415?2
        OCB dec |     0.071 ns/B     13451 MiB/s     0.520 c/B      7336?3


These values are for the low level crypto routines.  In reality we also
do a SHA-1 hashing in addition to CFB which makes it even slower.  OTOH.
the protocol requires buffering and the way gpg implements things has a
large impact on the performance.  Fortunately, Jussi Kivilinna also
worked on gpg's buffering and gained a lot of extra speed:

  * gpg: Threefold decryption speedup for large files.
    https://dev.gnupg.org/rGab177eed51  (For the old CFB mode)

  * gpg: Nearly double the AES256.OCB encryption speed.
    https://dev.gnupg.org/rG99e2c178c7

Thus in 2.4 we get this for symmetric encryption of a 4 GiB file from
RAM to /dev/null on a Ryzen5800X:

   AES256.CFB encryption 1.3 GiB/s
   AES256.OCB encryption 4.2 GiB/s

FWIW there are also improvements in signature verification:

  * gpg: Up to five times faster verification of detached signatures.
    Doubled detached signing speed. 
    https://dev.gnupg.org/rG4e27b9defc
    https://dev.gnupg.org/rGf8943ce098

YMMV depending on what kind of data you encrypt, whether signing and
compression comes into the game.  Compression is a major performance hog
- feeding gpg from a (threaded) bzip2 and using -z0 will in general give
better performance than the using the internal compressor code.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230911/64e46f5d/attachment.sig>

From jcb62281 at gmail.com  Tue Sep 12 05:29:29 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Mon, 11 Sep 2023 22:29:29 -0500
Subject: All CPU threads
In-Reply-To: <87o7i940pi.fsf@jacob.g10code.de>
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
 <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
 <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>
 <22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org>
 <87o7i940pi.fsf@jacob.g10code.de>
Message-ID: <64FFDB19.5090408@gmail.com>

Werner Koch via Gnupg-users wrote:
> [...]
>
> On Sat,  9 Sep 2023 22:07, Robert J. Hansen said:
>   
>> and for the vast majority of users isn't worth it.  The easy wins (28%
>> cost savings on RSA encryption!  Whee, almost half a millisecond!) are
>>     
>
> The blinding we use for RSA (to mitigate side-channel attacks) should be
> in the same range as these wins.  I bet that by adding threads to the
> computation you will open another can of side-channel attacks.
>   

So using threads to compute a blinded RSA operation would just about 
recover the computational cost of blinding the calculation?  How would 
hypothetical thread-related side channels matter if we are using 
blinding around the parallel calculation?


-- Jacob


From Eva.Bolten at gnupg.com  Wed Sep 13 09:55:05 2023
From: Eva.Bolten at gnupg.com (Eva Bolten)
Date: Wed, 13 Sep 2023 09:55:05 +0200
Subject: gpg --card-edit cuts secret keys
In-Reply-To: <20230910205644.1b7cf175@max.localdomain>
References: <20230910205644.1b7cf175@max.localdomain>
Message-ID: <1711090.D3lUnNjupU@jackson>

Hi Carsten,

On Sonntag, 10. September 2023 20:56:44 CEST Carsten Grohmann via Gnupg-users 
wrote:
> Is this an expected behaviour? Can I control it?

if you mean by truncated shadowed, then it is this bug:
https://dev.gnupg.org/T6386

It will fixed for the 2.2 branch in 2.2.42

The bug does not occur in the stable 2.4. branch which is the recommended 
branch to use.

Regards,

Eva







From bernhard at intevation.de  Wed Sep 13 10:38:06 2023
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Sep 2023 10:38:06 +0200
Subject: webmail and OpenPGP/MIME -> Mailvelope (Re: Signature)
In-Reply-To: <ZO9S-oOMV_4gK8MY@localhost>
References: <e0e00c2d-b859-1deb-f117-2674dba4ee69@onionmail.org>
 <ZO3WS+4/nG4NRBGJ@mkiii.casa> <ZO9S-oOMV_4gK8MY@localhost>
Message-ID: <202309131038.06929.bernhard@intevation.de>

Am Mittwoch 30 August 2023 16:32:26 schrieb Gilberto F da Silva via 
Gnupg-users:
> ? ? It is getting harder and harder to use GnuPG with email as webmail
> ? ? is used more and more.

  https://mailvelope.com
  https://github.com/mailvelope/mailvelope

enables OpenPGP in webmail
and if the webmail service is offering the necessary support,
you can do OpenPGP/MIME as well.

Mailvelope supports using GnuPG as crypto backend,
though it could be easier to set up.

Bernhard

-- 
https://intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230913/b95501c4/attachment.sig>

From bernhard at intevation.de  Wed Sep 13 10:42:27 2023
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Sep 2023 10:42:27 +0200
Subject: very large RSA key (Re: Sirs:)
In-Reply-To: <f2e735e0-5336-0892-de18-65066f2f2f66@onionmail.org>
References: <f2e735e0-5336-0892-de18-65066f2f2f66@onionmail.org>
Message-ID: <202309131042.27662.bernhard@intevation.de>

Am Freitag 25 August 2023 18:37:15 schrieb xyz938 via Gnupg-users:
> Where do I change in the code to create a 32764 bit key?

Look where the --enable-large-rsa is implemented in the code,
see https://wiki.gnupg.org/LargeKeys for some discussion why using
a large RSA keypair is a bad idea.

Bernhard

-- 
https://intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230913/41faf65a/attachment.sig>

From bernhard at intevation.de  Wed Sep 13 10:33:20 2023
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Sep 2023 10:33:20 +0200
Subject: Failed to export secret key
In-Reply-To: <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net>
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <874jk46bkl.fsf@jacob.g10code.de>
 <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net>
Message-ID: <202309131033.32953.bernhard@intevation.de>

Am Freitag 08 September 2023 15:40:43 schrieb Alexander Leidinger via 
Gnupg-users:
> > You clicked on CANCEL or closed the window.
>
> No prompt at all in the console / ssh connection (and no graphics, so
> nothing to click on). So no manual cancelling from me.

There used to be pinentries issues with terminal size in the past
https://dev.gnupg.org/T5322
https://dev.gnupg.org/T4924

Maybe that helps with debugging. You could try a large terminal window.

Bernhard
-- 
https://intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230913/adf0297b/attachment-0001.sig>

From wk at gnupg.org  Wed Sep 13 12:28:31 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 13 Sep 2023 12:28:31 +0200
Subject: All CPU threads
In-Reply-To: <64FFDB19.5090408@gmail.com> (Jacob Bachmeyer via Gnupg-users's
 message of "Mon, 11 Sep 2023 22:29:29 -0500")
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>
 <21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>
 <214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>
 <723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>
 <22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org>
 <87o7i940pi.fsf@jacob.g10code.de> <64FFDB19.5090408@gmail.com>
Message-ID: <87msxqjrjk.fsf@jacob.g10code.de>

On Mon, 11 Sep 2023 22:29, Jacob Bachmeyer said:

> So using threads to compute a blinded RSA operation would just about
> recover the computational cost of blinding the calculation?  How would

No.  I gave this as an example where you could else see on how to speed
up things.  For example if you do not need to mitigate local
side-channel attacks.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230913/3d946078/attachment.sig>

From wk at gnupg.org  Wed Sep 13 12:34:50 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 13 Sep 2023 12:34:50 +0200
Subject: Failed to export secret key
In-Reply-To: <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net> (Alexander
 Leidinger via Gnupg-users's message of "Fri, 08 Sep 2023 15:40:43
 +0200")
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <87fs3seksp.fsf@jacob.g10code.de>
 <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net>
 <874jk46bkl.fsf@jacob.g10code.de>
 <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net>
Message-ID: <87il8ejr91.fsf@jacob.g10code.de>

Hi,

so everthing looks okay.  What I would now do is to strace pinentry;
Here is a wpinentry wrapper I have used in the past.

--8<---------------cut here---------------start------------->8---
#!/bin/sh

MYPINENTRY="/usr/local/bin/pinentry-qt"

locale >/tmp/pinentry.err
set >>/tmp/pinentry.err
exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -v -d "$@" 2>>/tmp/pinentry.err
#exec valgrind  $MYPINENTRY  -d "$@" 2>>/tmp/pinentry.err
--8<---------------cut here---------------end--------------->8---

Adjust to your needs and put

pinentry-program /home/foo/bin/pinentry-wrapper

into gpg-agent.conf.  gpgconf --kill gpg-agent and try again.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230913/9c7ca243/attachment.sig>

From jcb62281 at gmail.com  Thu Sep 14 00:14:57 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Wed, 13 Sep 2023 17:14:57 -0500
Subject: All CPU threads
In-Reply-To: <87msxqjrjk.fsf@jacob.g10code.de>
References: <21ba5f9e-8c4b-44c8-ac8c-e395ced682de.ref@yahoo.com>	<21ba5f9e-8c4b-44c8-ac8c-e395ced682de@yahoo.com>	<214510da-b7d8-0a42-9e4a-4ba5d5f8ba5d@sixdemonbag.org>	<723883cd-a5e9-434f-b8bd-6f12f899a701@yahoo.com>	<22a488b6-70f9-facf-1bd6-46ee504993e1@sixdemonbag.org>	<87o7i940pi.fsf@jacob.g10code.de>
 <64FFDB19.5090408@gmail.com> <87msxqjrjk.fsf@jacob.g10code.de>
Message-ID: <65023461.8000604@gmail.com>

Werner Koch wrote:
> On Mon, 11 Sep 2023 22:29, Jacob Bachmeyer said:
>
>   
>> So using threads to compute a blinded RSA operation would just about
>> recover the computational cost of blinding the calculation?  How would
>>     
>
> No.  I gave this as an example where you could else see on how to speed
> up things.  For example if you do not need to mitigate local
> side-channel attacks.

OK, I get it now:  you were suggesting that there are easier trade-offs 
for similar performance gains.  Thanks.


-- Jacob



From acm at muc.de  Wed Sep 13 22:48:26 2023
From: acm at muc.de (Alan Mackenzie)
Date: Wed, 13 Sep 2023 20:48:26 +0000
Subject: Unhelpful error message while attempting to generate key pair
Message-ID: <ZQIgGk7HuEY86csX@ACM>

Hello, gpg.

I'm trying to use gpg-2.2.41 on an up to date Gentoo GNU/Linux system.

I type

    $ gpg --gen-key

, answer the questions about my name and email address, then wait ...,
and wait, ... and wait.

Finally a half error message appears:

    agent_genkey failed: Timeout

, followed by a repetition looking like:

    Key generation failed: Timeout

..  This is an exceptionally unhelpful error message: it doesn't tell me
_what_ has timed out, thus giving me no clue as to what I need to fix.

Have I got something not configured right?  Am I missing some library?
If I need to read the fine manual, _which_ manual, and _which_ part of
it?

Help!

Please help me get my gnupg working!

Thanks!

-- 
Alan Mackenzie (Nuremberg, Germany).


From wk at gnupg.org  Thu Sep 14 15:53:48 2023
From: wk at gnupg.org (Werner Koch)
Date: Thu, 14 Sep 2023 15:53:48 +0200
Subject: Unhelpful error message while attempting to generate key pair
In-Reply-To: <ZQIgGk7HuEY86csX@ACM> (Alan Mackenzie via Gnupg-users's message
 of "Wed, 13 Sep 2023 20:48:26 +0000")
References: <ZQIgGk7HuEY86csX@ACM>
Message-ID: <87edj0j1xv.fsf@jacob.g10code.de>

On Wed, 13 Sep 2023 20:48, Alan Mackenzie said:

> I type
>
>     $ gpg --gen-key

Use

   gpg -v --gen-key

to see more warning.

>     agent_genkey failed: Timeout

Look like a problem with your pinentry.  Did it show up on another
screen?  The "-v" should tell you which pinentry was invoked; share that
with us for help.

Next debug level would be

  gpg -v --debug ipc --gen-key

but I don't think you need this.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230914/c215885f/attachment.sig>

From robbat2 at gentoo.org  Thu Sep 14 20:30:28 2023
From: robbat2 at gentoo.org (robbat2 at gentoo.org)
Date: Thu, 14 Sep 2023 11:30:28 -0700
Subject: [PATCH gnupg] gpg: Add --list-filter properties
 sig_expires/sig_expires_d
Message-ID: <20230914183028.8638-1-robbat2@gentoo.org>

From: "Robin H. Johnson" <robbat2 at gentoo.org>

Modelled after key_expires/key_expires_d.

This should be useful to detect upcoming certification expiry, so the
certifications can be renewed in advance of the expiry.

Signed-off-by: Robin H. Johnson <robbat2 at gentoo.org>
---
 doc/gpg.texi |  6 ++++++
 g10/import.c | 14 ++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 15b3243d0..6ba944edb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2715,6 +2715,12 @@ The available properties are:
   second is the same but given as an ISO date string,
   e.g. "2016-08-17". (drop-sig)
 
+  @item sig_expires
+  @itemx sig_expires_d
+  The expiration time of a signature packet or 0 if it does not
+  expire.  The second is the same but given as an ISO date string or
+  an empty string e.g. "2038-01-19".
+
   @item sig_algo
   A number with the public key algorithm of a signature packet. (drop-sig)
 
diff --git a/g10/import.c b/g10/import.c
index d84a083cc..c1e76c3f0 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1509,6 +1509,20 @@ impex_filter_getval (void *cookie, const char *propname)
         {
           result = dateonlystr_from_sig (sig);
         }
+      else if (!strcmp (propname, "sig_expires"))
+        {
+          snprintf (numbuf, sizeof numbuf, "%lu", (ulong)sig->expiredate);
+          result = numbuf;
+        }
+      else if (!strcmp (propname, "sig_expires_d"))
+        {
+          static char exdatestr[MK_DATESTR_SIZE];
+
+          if (sig->expiredate)
+            result = mk_datestr (exdatestr, sizeof exdatestr, sig->expiredate);
+          else
+            result = "";
+        }
       else if (!strcmp (propname, "sig_algo"))
         {
           snprintf (numbuf, sizeof numbuf, "%d", sig->pubkey_algo);
-- 
2.42.0



From acm at muc.de  Thu Sep 14 16:33:33 2023
From: acm at muc.de (Alan Mackenzie)
Date: Thu, 14 Sep 2023 14:33:33 +0000
Subject: Unhelpful error message while attempting to generate key pair
In-Reply-To: <87edj0j1xv.fsf@jacob.g10code.de>
References: <ZQIgGk7HuEY86csX@ACM>
 <87edj0j1xv.fsf@jacob.g10code.de>
Message-ID: <ZQMZvUKBwW8MEB5S@ACM>

Hello, Werner,

Thanks for such a fast and helpful answer to my post.

But I'd like to apologise for the tone of my first post, which came out
rather rude, something I hadn't intended.

On Thu, Sep 14, 2023 at 15:53:48 +0200, Werner Koch wrote:
> On Wed, 13 Sep 2023 20:48, Alan Mackenzie said:

> > I type

> >     $ gpg --gen-key

> Use

>    gpg -v --gen-key

> to see more warning.

I did that.  It came out saying something about gnome3.  ;-(

> >     agent_genkey failed: Timeout

> Look like a problem with your pinentry.  Did it show up on another
> screen?  The "-v" should tell you which pinentry was invoked; share that
> with us for help.

Yes, it was my pinentry, which had been set up to use gnome3.  I was
calling gpg on a Linux tty.  As soon as I amended the setup to use
pinentry-curses (Gentoo has a utility to do this), --gen-key worked.

> Next debug level would be

>   gpg -v --debug ipc --gen-key

> but I don't think you need this.

Indeed not.

I now have a 3072-bit key pair, valid for two years.  Thanks again!

> Salam-Shalom,

>    Werner

-- 
Alan Mackenzie (Nuremberg, Germany).


From wk at gnupg.org  Fri Sep 15 10:44:16 2023
From: wk at gnupg.org (Werner Koch)
Date: Fri, 15 Sep 2023 10:44:16 +0200
Subject: Unhelpful error message while attempting to generate key pair
In-Reply-To: <ZQMZvUKBwW8MEB5S@ACM> (Alan Mackenzie via Gnupg-users's message
 of "Thu, 14 Sep 2023 14:33:33 +0000")
References: <ZQIgGk7HuEY86csX@ACM> <87edj0j1xv.fsf@jacob.g10code.de>
 <ZQMZvUKBwW8MEB5S@ACM>
Message-ID: <87jzsrhllr.fsf@jacob.g10code.de>

On Thu, 14 Sep 2023 14:33, Alan Mackenzie said:

> But I'd like to apologise for the tone of my first post, which came out

No problem, my tone is also often pretty rude.

> Yes, it was my pinentry, which had been set up to use gnome3.  I was

Actually a pinentry should fallback to curses if DISPLAY is not set.
But the pinentry-gnome3 (?) has some special features and I doubt that
anyone looked at it for a long time.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230915/170ae018/attachment.sig>

From carstengrohmann at gmx.de  Fri Sep 15 15:53:28 2023
From: carstengrohmann at gmx.de (Carsten Grohmann)
Date: Fri, 15 Sep 2023 15:53:28 +0200 (GMT+02:00)
Subject: gpg --card-edit cuts secret keys
In-Reply-To: <1711090.D3lUnNjupU@jackson>
References: <20230910205644.1b7cf175@max.localdomain>
 <1711090.D3lUnNjupU@jackson>
Message-ID: <70a09d48-d696-49f9-a2a5-f194bbbe5074@gmx.de>

Hi Eva,

13.09.2023 10:18:36 Eva Bolten via Gnupg-users <gnupg-users at gnupg.org>:

> if you mean by truncated shadowed, then it is this bug:
> https://dev.gnupg.org/T6386
This bug matches to the seen behaviour.

> The bug does not occur in the stable 2.4. branch which is the
> recommended
> branch to use.

I switched to the current 2.4 release and "gpg - - card-edit" works like
expected.

Thank you for your support.

Regards,
Carsten


From Alexander at Leidinger.net  Fri Sep 22 14:06:58 2023
From: Alexander at Leidinger.net (Alexander Leidinger)
Date: Fri, 22 Sep 2023 14:06:58 +0200
Subject: Failed to export secret key
In-Reply-To: <87il8ejr91.fsf@jacob.g10code.de>
References: <fbdb30fb08ff7c7c47468e03870fed65@Leidinger.net>
 <87fs3seksp.fsf@jacob.g10code.de>
 <5e92f52e17ea1060b20d6e4103971a60@Leidinger.net>
 <874jk46bkl.fsf@jacob.g10code.de>
 <4cdff47b673304e40a3339bb5155ae5f@Leidinger.net>
 <87il8ejr91.fsf@jacob.g10code.de>
Message-ID: <6323112b42227a3f5e11c789bc9f9582@Leidinger.net>

Am 2023-09-13 12:34, schrieb Werner Koch:
> Hi,
> 
> so everthing looks okay.  What I would now do is to strace pinentry;
> Here is a wpinentry wrapper I have used in the past.
> 
> --8<---------------cut here---------------start------------->8---
> #!/bin/sh
> 
> MYPINENTRY="/usr/local/bin/pinentry-qt"
> 
> locale >/tmp/pinentry.err
> set >>/tmp/pinentry.err
> exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -v -d "$@" 
> 2>>/tmp/pinentry.err
> #exec valgrind  $MYPINENTRY  -d "$@" 2>>/tmp/pinentry.err
> --8<---------------cut here---------------end--------------->8---
> 
> Adjust to your needs and put

pinentry-tty doesn't support "-v" (removed), and I used the FreeBSD 
ktrace...

> pinentry-program /home/foo/bin/pinentry-wrapper
> 
> into gpg-agent.conf.  gpgconf --kill gpg-agent and try again.

The issue is, that pinentry-tty can't open the tty. The errno is no such 
file or directory, but it is is visible with ls. The reason why this 
happens is that I ssh to the FreeBSD host, and from there login into a 
jail. The jail imposes some access restrictions on processes within the 
jail.

If I ssh into this account, a new tty is opened and the export works as 
it should.

As such I opened a discussion on the FreeBSD side about this behavior. 
The is at least a mismatch of what you see (the pts) and what you can do 
(normally if you see a pts, you can access it), so to me either it 
should allow the access, or not show the pts in ls...

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230922/58bd4525/attachment.sig>

From guru at unixarea.de  Sun Sep 24 20:42:27 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Sun, 24 Sep 2023 20:42:27 +0200
Subject: after OS update I can't use my OpenPGP card anymore
Message-ID: <ZRCDE1axkpLS0joR@c720-1400094>


Hello,

After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
my OpenPGP card with the USB token anymore. In /var/log/messages
it says:

Sep 24 19:33:02 c720-1400094 kernel: ugen0.4: <Identiv uTrust 3512 SAM slot Token> at usbus0 
Sep 24 19:33:07 c720-1400094 kernel: pid 3886 (scdaemon), jid 0, uid 1001: exited on signal 11

and in the debug log of scdaemon I have the following lines which
let me think, that the communication with the card seems to work
and scdaemon pid=3886 crashes while communicating with the card

Any hints how to debug this

Thanks

	matthias



2023-09-24 19:33:07 scdaemon[3886.28ae4d612000] escuchando en el socket '/var/run/user/1001/gnupg/d.m4rfaasqebhjmgto9ddm6m7y/S.scdaemon'
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] manejador del descriptor -1 iniciado
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 <- GETINFO socket_name
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 -> D /var/run/user/1001/gnupg/d.m4rfaasqebhjmgto9ddm6m7y/S.scdaemon
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 -> OK
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 <- OPTION event-signal=31
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 -> OK
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: chan_7 <- SERIALNO --all
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: apdu_open_reader: BAI=400
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: apdu_open_reader: new device=400
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: using CCID reader 0 (ID=04E6:5816:55511725600891:0)
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: idVendor: 04E6  idProduct: 5816  bcdDevice: 0202
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: ChipCard Interface Descriptor:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bLength                54
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bDescriptorType        33
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bcdCCID              1.10  (Warning: Only accurate for version 1.0)
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   nMaxSlotIndex           0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bVoltageSupport         7  ?
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwProtocols             3  T=0 T=1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwDefaultClock       4800
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwMaxiumumClock     16000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bNumClockSupported      0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwDataRate          12903 bps
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwMaxDataRate      600000 bps
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bNumDataRatesSupp.      0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwMaxIFSD             252
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwSyncProtocols  00000000 
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwMechanical     00000000 
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwFeatures       000100BA
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     Auto configuration based on ATR (assumes auto voltage)
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     Auto voltage selection
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     Auto clock change
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     Auto baud rate change
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     Auto PPS made by CCID
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:     TPDU level exchange
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwMaxCCIDMsgLen       271
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bClassGetResponse    echo
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bClassEnvelope       echo
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wlcdLayout           none
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bPINSupport             0 
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bMaxCCIDBusySlots       1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_IccPowerOn:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bPowerSelect ......: 0x00 (auto)
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0008]  00 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 21
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  3B DA 18 FF 81 B1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_SetParameters:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bProtocolNum ......: 0x01
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0008]  00 00 18 10 FF 75 00 FE
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_Parameters:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   protocol ..........: T=1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bmFindexDindex ....: 18
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bmTCCKST1 .........: 10
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bGuardTimeT1 ......: FF
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bmWaitingIntegersT1: 75
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bClockStop ........: 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bIFSC .............: 254
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bNadValue .........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 3
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 C1 01 FC 3C
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 3
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 E1 01 FC 1C
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: IFSD has been set to 252
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] reader slot 0: using ccid driver
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] slot 0: ATR=3bda18ff81b1fe751f030031c573c001400090000c
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: enter: apdu_connect: slot=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: leave: apdu_connect => sw=0x0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00a4000c023f00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 11
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 07 00 A4 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  0C 02 3F 00 92
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 02 6B 00 69
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=6B00  datalen=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00a4040006d27600012401
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 15
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 0B 00 A4 04
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  00 06 D2 76 00 01 24 01 6D
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 02 90 00 D2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: [all zero]
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca004f00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  4F 00 80
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 22
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 12 D2 76 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  01 24 01 02 01 00 05 00 00 53 2B 00 00 90 00 7C
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=16
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: d27600012401020100050000532b0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] AID: d27600012401020100050000532b0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca5f5200
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 8
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 05 00 CA 5F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  52 00 82
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 16
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 8
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 0C 00 31 C5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  73 C0 01 40 05 90 00 90 00 4F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=10
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 0031c573c00140059000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Historical Bytes: 0031c573c00140059000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca00c400
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  C4 00 0B
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 13
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 09 01 20 20
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  20 03 00 03 90 00 B8
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 01202020030003
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca006e00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 10
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  6E 00 E1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 223
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 10
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 DB 4F 10 D2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  76 00 01 24 01 02 01 00 05 00 00 53 2B 00 00 5F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0032]  52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0048]  0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0064]  00 20 00 C2 06 01 10 00 00 20 00 C3 06 01 10 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0080]  00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C 5E 69
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0096]  FB AC 16 18 56 2C B3 CB FB C1 47 CC F7 E4 76 FE
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0112]  9D 11 EB 62 00 DA 13 A1 9E 80 67 9B 1A 13 61 F1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0128]  EC B6 25 C9 A6 C3 E5 1D D2 D6 C7 27 35 D6 65 1D
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0144]  EA 4B 6A A5 C5 C4 51 A1 CD 1C C6 3C 00 00 00 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0160]  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0176]  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0192]  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0208]  00 00 00 00 00 00 00 00 CD 0C 59 18 9F D7 59 18
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0224]  9F D7 59 18 9F D7 90 00 59
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=217
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 4f10d27600012401020100050000532b00005f520a0031c573c0014005900073 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  81b7c00a7c000800080008000800c106011000002000c206011000002000c306 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  011000002000c40701202020030003c53c5e69fbac1618562cb3cbfbc147ccf7 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  e476fe9d11eb6200da13a19e80679b1a1361f1ecb625c9a6c3e51dd2d6c72735 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  d6651dea4b6aa5c5c451a1cd1cc63c0000000000000000000000000000000000 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  0000000000000000000000000000000000000000000000000000000000000000 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  0000000000000000000000cd0c59189fd759189fd759189fd7
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=7F p2=74 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca7f7400
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 11
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 05 00 CA 7F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  74 00 C4
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 11
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 02 6A 88 E0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=6A88  datalen=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca005e00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 12
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  5E 00 D1
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 12
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 02 90 00 D2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: [all zero]
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Version-2+ .....: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Version-3+ .....: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Button .........: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] SM-Support .....: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Get-Challenge ..: yes (2048 bytes max)
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Import .....: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Change-Force-PW1: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Private-DOs ....: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Algo-Attr-Change: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Symmetric Crypto: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] KDF-Support ....: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Max-Cert-Len ...: 2048
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Cmd-Chaining ...: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Ext-Lc-Le ......: yes
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Status-Indicator: 05
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] GnuPG-No-Sync ..: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] GnuPG-Def-PW2 ..: no
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Attr-sign ..: RSA, n=4096, e=32, fmt=std
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Algo-sign ..: rsa4096
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Algo-encr ..: rsa4096
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] Key-Algo-auth ..: rsa4096
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca005e00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 13
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  5E 00 91
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 13
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 02 90 00 92
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: [all zero]
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DO 'Login Data': 
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=5F p2=50 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca5f5000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 14
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 05 00 CA 5F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  50 00 80
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 54
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 14
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 32 68 74 74
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  70 3A 2F 2F 77 77 77 2E 75 6E 69 78 61 72 65 61
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0032]  2E 64 65 2F 63 63 69 64 2D 2D 65 78 70 6F 72 74
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0048]  2D 6B 65 79 2D 67 75 72 75 2E 70 75 62 90 00 A6
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=48
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 687474703a2f2f7777772e756e6978617265612e64652f636369642d2d657870 \
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  6f72742d6b65792d677572752e707562
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DO 'URL': 'http://www.unixarea.de/ccid--export-key-guru.pub'
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca5f5200
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 15
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 05 00 CA 5F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  52 00 C2
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 16
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 15
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 00 0C 00 31 C5
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  73 C0 01 40 05 90 00 90 00 0F
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=10
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 0031c573c00140059000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DO 'Historical Bytes': 0031c573c00140059000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: send apdu: c=00 i=CA p1=00 p2=65 lc=-1 le=256 em=0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  raw apdu: 00ca006500
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 9
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 16
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bBWI ..............: 0x00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   wLevelParameter ...: 0x0000
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 05 00 CA 00
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  65 00 EA
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver: RDR_to_PC_DataBlock:
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   dwLength ..........: 32
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSlot .............: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bSeq ..............: 16
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   bStatus ...........: 0
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0010]  00 40 1C 5B 0F 41
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0016]  70 69 74 7A 3C 3C 4D 61 74 74 68 69 61 73 5F 2D
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG: ccid-driver:   [0032]  02 65 6E 5F 35 01 39 90 00 D8
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:  response: sw=9000  datalen=26
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DBG:      dump: 5b0f417069747a3c3c4d617474686961735f2d02656e5f350139
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DO 'Cardholder Related Data': 5b0f417069747a3c3c4d617474686961735f2d02656e5f350139
2023-09-24 19:33:07 scdaemon[3886.28ae4d612700] DO 'Name': 'Apitz<<Matthias'


-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


From gniibe at fsij.org  Mon Sep 25 04:03:23 2023
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 25 Sep 2023 11:03:23 +0900
Subject: after OS update I can't use my OpenPGP card anymore
In-Reply-To: <ZRCDE1axkpLS0joR@c720-1400094>
References: <ZRCDE1axkpLS0joR@c720-1400094>
Message-ID: <87v8bzau1g.fsf@akagi.fsij.org>

Hello,

Matthias Apitz <guru at unixarea.de> wrote:
> After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
> my OpenPGP card with the USB token anymore. In /var/log/messages
> it says:
[...]
> Any hints how to debug this

You can run scdaemon as a foreground process to debug.  An example
session is like:

	$ SOME_PATH_TO_scdaemon --debug-all --verbose --verbose --server
	...
	SERIALNO
	...
	BYE
	$ 

(Here, "SERIALNO" and "BYE" is input from terminal by a user)

Likewise, you can invoke scdaemon as a foreground process from GDB.
Then, you may locate the place where it crashes.
-- 


From guru at unixarea.de  Mon Sep 25 07:18:40 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Mon, 25 Sep 2023 07:18:40 +0200
Subject: after OS update I can't use my OpenPGP card anymore
In-Reply-To: <87v8bzau1g.fsf@akagi.fsij.org>
References: <ZRCDE1axkpLS0joR@c720-1400094>
 <87v8bzau1g.fsf@akagi.fsij.org>
Message-ID: <ZREYMFALE8Bl5ZT0@c720-1400094.fritz.box>

El d?a lunes, septiembre 25, 2023 a las 11:03:23a. m. +0900, NIIBE Yutaka escribi?:

> Hello,
> 
> Matthias Apitz <guru at unixarea.de> wrote:
> > After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
> > my OpenPGP card with the USB token anymore. In /var/log/messages
> > it says:
> [...]
> > Any hints how to debug this
> 
> You can run scdaemon as a foreground process to debug.  An example
> session is like:
> 
> 	$ SOME_PATH_TO_scdaemon --debug-all --verbose --verbose --server
> 	...
> 	SERIALNO
> 	...
> 	BYE
> 	$ 
> 
> (Here, "SERIALNO" and "BYE" is input from terminal by a user)
> 
> Likewise, you can invoke scdaemon as a foreground process from GDB.
> Then, you may locate the place where it crashes.
> -- 

I run it in GDB as:

$ gdb /usr/local/libexec/scdaemon
...
r --debug-all --verbose --verbose --server
...
OK GNU Privacy Guard's Smartcard server ready
SERIALNO
[New LWP 101967 of process 2622]

Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
[Switching to LWP 101959 of process 2622]
0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
(gdb) bt
#0  0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
#1  0x00000008004314ef in ?? () from /usr/local/lib/libgpg-error.so.0
#2  0x00000008004304e4 in ?? () from /usr/local/lib/libgpg-error.so.0
#3  0x000000080042fdad in ?? () from /usr/local/lib/libgpg-error.so.0
#4  0x000000080042d5e3 in ?? () from /usr/local/lib/libgpg-error.so.0
#5  0x00000008004343ad in ?? () from /usr/local/lib/libgpg-error.so.0
#6  0x0000000800432bef in gpgrt_log_info ()
   from /usr/local/lib/libgpg-error.so.0
#7  0x00000000002436e8 in ?? ()
...

I have to compile it by my own (and not install it as a FreeBSD pkg) and
with debug symbols.

	matthias

-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


From guru at unixarea.de  Mon Sep 25 10:27:42 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Mon, 25 Sep 2023 10:27:42 +0200
Subject: problem with building libgcrypt-1.10.2 from source
Message-ID: <ZRFEfimSoKRK53O+@pureos>


I'm building the full GnuPG suite from source (to get a version for
debugging a scdaemon problem). To not break the installed version in the
OS I'm building with a prefix directory below my HOME. After downloading
the sources from www.gnupg.org and unpacking them, I started with:

cd libgpg-error-1.47
./configure --prefix=/home/sisis/scdaemon/usr-local
make
make install

This went fine and produced esp. the following results:

ls -l /home/sisis/scdaemon/usr-local/bin
insgesamt 188
-rwxr-xr-x 1 sisis sisis 82768 25. Sep 09:58 gpg-error
-rwxr-xr-x 1 sisis sisis 16426 25. Sep 09:58 gpgrt-config
-rwxr-xr-x 1 sisis sisis 85488 25. Sep 09:58 yat2m

ls -l /home/sisis/scdaemon/usr-local/lib64
insgesamt 656
-rwxr-xr-x 1 sisis sisis    978 25. Sep 09:58 libgpg-error.la
lrwxrwxrwx 1 sisis sisis     22 25. Sep 09:58 libgpg-error.so -> libgpg-error.so.0.34.0
lrwxrwxrwx 1 sisis sisis     22 25. Sep 09:58 libgpg-error.so.0 -> libgpg-error.so.0.34.0
-rwxr-xr-x 1 sisis sisis 658688 25. Sep 09:58 libgpg-error.so.0.34.0
drwxr-xr-x 1 sisis sisis     24 25. Sep 09:58 pkgconfig

But the configure step for libcrypt failes:

cd libgcrypt-1.10.2
./configure --prefix=/home/guru/scdaemon/usr-local --with-libgpg-error-prefix=/home/guru/scdaemon/usr-local
...
checking for gpg-error-config... /home/guru/scdaemon/usr-local/bin/gpg-error-config
checking for gpgrt-config... no
./configure: line 15527: /home/guru/scdaemon/usr-local/bin/gpg-error-config: No such file or directory
./configure: line 15542: test: : integer expression expected
./configure: line 15545: test: : integer expression expected
checking for GPG Error - version >= 1.27... no
configure: error: libgpg-error is needed.
                See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .

I looked into the source tree of libgpg-error-1.47 to see why
/home/guru/scdaemon/usr-local/bin/gpg-error-config is missing:

find libgpg-error-1.47 -name 'gpg-error-confi*'
libgpg-error-1.47/doc/gpg-error-config.1
libgpg-error-1.47/src/gpg-error-config.in
libgpg-error-1.47/src/gpg-error-config-test.sh.in
libgpg-error-1.47/src/gpg-error-config-old
libgpg-error-1.47/src/gpg-error-config-test.sh
libgpg-error-1.47/src/gpg-error-config

i.e. libgpg-error-1.47/src/gpg-error-config was built but not installed:

s -l libgpg-error-1.47/src/gpg-error-config
-rwxr-xr-x 1 sisis sisis 2115 25. Sep 09:57 libgpg-error-1.47/src/gpg-error-config
sisis at srap51dxr1:~/scdaemon> ls -l usr-local/bin/gpg-error*
-rwxr-xr-x 1 sisis sisis 82768 25. Sep 09:58 usr-local/bin/gpg-error

I run the make of libgpg-error-1.47 again with

cd libgpg-error-1.47
make clean
nohup make
nohup make install

grep gpg-error-config nohup.out
cd .. && /bin/sh ./config.status src/gpg-error-config-old
config.status: creating src/gpg-error-config-old
cd .. && /bin/sh ./config.status src/gpg-error-config-test.sh
config.status: creating src/gpg-error-config-test.sh
Confirm gpg-error-config works... good
cp gpg-error-config-old gpg-error-config

i.e. gpg-error-config is built fine but not installed.

What did I wrong? Thanks

	matthias

-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


From guru at unixarea.de  Mon Sep 25 11:59:45 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Mon, 25 Sep 2023 11:59:45 +0200
Subject: problem with building libgcrypt-1.10.2 from source
In-Reply-To: <ZRFEfimSoKRK53O+@pureos>
References: <ZRFEfimSoKRK53O+@pureos>
Message-ID: <ZRFaEZoEf2UpUv+e@pureos>


Please forget my mail and forgive me the noise. I used the wrong HOME.

	matthias
-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


From guru at unixarea.de  Mon Sep 25 14:45:20 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Mon, 25 Sep 2023 14:45:20 +0200
Subject: gnugp 2.4.3 fails to build with --disable-ldap
Message-ID: <ZRGA4PmXi1U0CS1v@pureos>

As the subject says:

cd gnupg-2.4.3
./configure --prefix=/home/sisis/scdaemon/usr-local --with-libgpg-error-prefix=/home/sisis/scdaemon/usr-local --with-libgcrypt-prefix=/home/sisis/scdaemon/usr-local --with-libassuan-prefix=/home/sisis/scdaemon/usr-local --with-libksba-prefix=/home/sisis/scdaemon/usr-local --with-npth-prefix=/home/sisis/scdaemon/usr-local --with-ntbtls-prefix=/home/sisis/scdaemon/usr-local --disable-ldap

make

...
gcc -std=gnu99 -I/home/sisis/scdaemon/usr-local/include -I/home/sisis/scdaemon/usr-local/include -I/home/sisis/scdaemon/usr-local/include -I/home/sisis/scdaemon/usr-local/include -I/home/sisis/scdaemon/usr-local/include -I/home/sisis/scdaemon/usr-local/include  -Wall -Wno-format-zero-length -Wno-pointer-sign -Wpointer-arith -g -O2   -o dirmngr dirmngr.o server.o crlcache.o crlfetch.o fakecrl.o certcache.o domaininfo.o workqueue.o loadswdb.o cdblib.o misc.o ocsp.o validate.o dns-stuff.o http.o http-common.o http-ntbtls.o ks-action.o ks-engine-hkp.o ks-engine-http.o ks-engine-finger.o ks-engine-kdns.o dns.o  ../common/libcommonpth.a -lresolv  -L/home/sisis/scdaemon/usr-local/lib64 -lassuan -L/home/sisis/scdaemon/usr-local/lib64 -lksba -lgpg-error -L/home/sisis/scdaemon/usr-local/lib64 -lnpth -lpthread -L/home/sisis/scdaemon/usr-local/lib64 -lntbtls -lgpg-error  -L/home/sisis/scdaemon/usr-local/lib64 -lgcrypt -L/home/sisis/scdaemon/usr-local/lib64 -lgpg-error
/usr/lib64/gcc/x86_64-suse-linux/7/../../../../x86_64-suse-linux/bin/ld: server.o: in function `cmd_ad_query':
/home/sisis/scdaemon/gnupg-2.4.3/dirmngr/server.c:2779: undefined reference to `ks_ldap_help_variables'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:937: dirmngr] Fehler 1

There is an older closed bug against 2.3.8: https://dev.gnupg.org/T6239

How to fix this?

I helped me as workaround with:

touch /home/guru/scdaemon/gnupg-2.4.3/dirmngr/dirmngr

With this the 'make && make install' went fine.

	matthias

-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


From gniibe at fsij.org  Tue Sep 26 02:35:52 2023
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 26 Sep 2023 09:35:52 +0900
Subject: after OS update I can't use my OpenPGP card anymore
In-Reply-To: <ZREYMFALE8Bl5ZT0@c720-1400094.fritz.box>
References: <ZRCDE1axkpLS0joR@c720-1400094> <87v8bzau1g.fsf@akagi.fsij.org>
 <ZREYMFALE8Bl5ZT0@c720-1400094.fritz.box>
Message-ID: <87fs31db4n.fsf@akagi.fsij.org>

Matthias Apitz <guru at unixarea.de> wrote:
> $ gdb /usr/local/libexec/scdaemon
> ...
> r --debug-all --verbose --verbose --server
> ...
> OK GNU Privacy Guard's Smartcard server ready
> SERIALNO
> [New LWP 101967 of process 2622]
>
> Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault.
> Address not mapped to object.
> [Switching to LWP 101959 of process 2622]
> 0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
> (gdb) bt
> #0  0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
> #1  0x00000008004314ef in ?? () from /usr/local/lib/libgpg-error.so.0
> #2  0x00000008004304e4 in ?? () from /usr/local/lib/libgpg-error.so.0
> #3  0x000000080042fdad in ?? () from /usr/local/lib/libgpg-error.so.0
> #4  0x000000080042d5e3 in ?? () from /usr/local/lib/libgpg-error.so.0
> #5  0x00000008004343ad in ?? () from /usr/local/lib/libgpg-error.so.0
> #6  0x0000000800432bef in gpgrt_log_info ()
>    from /usr/local/lib/libgpg-error.so.0
> #7  0x00000000002436e8 in ?? ()

It looks like SEGV when debug output.  Does it work when it's invoked
without --verbose?
-- 


From gniibe at fsij.org  Tue Sep 26 02:39:07 2023
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 26 Sep 2023 09:39:07 +0900
Subject: gnugp 2.4.3 fails to build with --disable-ldap
In-Reply-To: <ZRGA4PmXi1U0CS1v@pureos>
References: <ZRGA4PmXi1U0CS1v@pureos>
Message-ID: <87cyy5daz8.fsf@akagi.fsij.org>

Matthias Apitz <guru at unixarea.de> wrote:
> How to fix this?

Here is a commit of mine for GnuPG 2.4:

https://dev.gnupg.org/rG9ae3cfcabec9252c22d67b7a15c36f0a8cf22f0f
-- 


From guru at unixarea.de  Tue Sep 26 07:04:53 2023
From: guru at unixarea.de (Matthias Apitz)
Date: Tue, 26 Sep 2023 07:04:53 +0200
Subject: after OS update I can't use my OpenPGP card anymore
In-Reply-To: <87fs31db4n.fsf@akagi.fsij.org>
References: <ZRCDE1axkpLS0joR@c720-1400094> <87v8bzau1g.fsf@akagi.fsij.org>
 <ZREYMFALE8Bl5ZT0@c720-1400094.fritz.box>
 <87fs31db4n.fsf@akagi.fsij.org>
Message-ID: <ZRJmdSn6OIWIYL4Y@c720-1400094.fritz.box>

El d?a martes, septiembre 26, 2023 a las 09:35:52a. m. +0900, NIIBE Yutaka escribi?:

> Matthias Apitz <guru at unixarea.de> wrote:
> > $ gdb /usr/local/libexec/scdaemon
> > ...
> > r --debug-all --verbose --verbose --server
> > ...
> > OK GNU Privacy Guard's Smartcard server ready
> > SERIALNO
> > [New LWP 101967 of process 2622]
> >
> > Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault.
> > Address not mapped to object.
> > [Switching to LWP 101959 of process 2622]
> > 0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
> > (gdb) bt
> > #0  0x0000000800434a57 in ?? () from /usr/local/lib/libgpg-error.so.0
> > #1  0x00000008004314ef in ?? () from /usr/local/lib/libgpg-error.so.0
> > #2  0x00000008004304e4 in ?? () from /usr/local/lib/libgpg-error.so.0
> > #3  0x000000080042fdad in ?? () from /usr/local/lib/libgpg-error.so.0
> > #4  0x000000080042d5e3 in ?? () from /usr/local/lib/libgpg-error.so.0
> > #5  0x00000008004343ad in ?? () from /usr/local/lib/libgpg-error.so.0
> > #6  0x0000000800432bef in gpgrt_log_info ()
> >    from /usr/local/lib/libgpg-error.so.0
> > #7  0x00000000002436e8 in ?? ()
> 
> It looks like SEGV when debug output.  Does it work when it's invoked
> without --verbose?

Bingo! I removed --verbose from the cmd line and from the file
scdaemon.conf. A test on shell show now:

/usr/local/libexec/scdaemon --debug-all --verbose --verbose --server
scdaemon[2131]: reading options from '/home/guru/.gnupg-ccid/scdaemon.conf'
scdaemon[2131.a884ac12000]: reading options from '[cmdline]'
scdaemon[2131.a884ac12000]: enabled debug flags: mpi crypto memory cache memstat hashing ipc card cardio reader app
OK GNU Privacy Guard's Smartcard server ready
SERIALNO
S SERIALNO D27600012401020100050000532B0000
OK

And also decryption with the OpenPGP card works fine after providing the
card's PIN:

pass web/test1
bla
foo

One should file a bug PR.

Thanks

	matthias
-- 
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub