141277 – app-crypt/gnupg - gpg --disable-ccid option when using pcmcia based cardreader

Bug 141277 - app-crypt/gnupg - gpg --disable-ccid option when using pcmcia based cardreader

Summary: app-crypt/gnupg - gpg --disable-ccid option when using pcmcia based cardreader

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Other

Importance:	High enhancement
Assignee:	Crypto team [DISABLED]

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-07-21 06:03 UTC by Harvey Muller
Modified:	2024-09-22 02:44 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge --info data for initial report (emerge.info,1.88 KB, application/octet-stream) 2006-07-21 07:32 UTC, Harvey Muller	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Harvey Muller 2006-07-21 06:03:57 UTC

PROBLEM:
gpg barfs =) when attempting to generate keys if the --disable-ccid option is not set.  The error generally looks like this:

gpg: apdu_send_simple(0) failed: unknown status error
gpg: generating key failed
gpg: key generation failed: general error
Key generation failed: general error
gpg: apdu_send_simple(0) failed: unknown status error
gpg: failed to set `CHV-STATUS-1': general error
gpg: error setting forced signature PIN flag: general error

WORKAROUND:
The above error disappears when using the --disable-option at the command prompt.  An alias statement in .bashrc, is obviously a little better than that.

PROPOSED SOLUTION:
I preface the proposal, by stating I know very little about ebuilds at this point in time.  But would it be possible to set this permanently during compile time, if a pcmcia base card reader is detected?

Thanks for all you do.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2006-07-21 06:23:12 UTC

Please, always include ebuild name and version plus emerge --info when reporting bugs.

Comment 2 Harvey Muller 2006-07-21 07:32:21 UTC

Created attachment 92417 [details]
emerge --info data for initial report

As requested, and will do in the future.

Comment 3 Harvey Muller 2006-07-21 07:33:35 UTC

ebuild name / version / USE flags:

app-crypt/gnupg-1.9.20-r3 USE="smartcard -X -caps -gpg2-experimental -ldap -nls"

See attachment 92417 [details] (created 2006-07-21 07:32 PST) for emerge --info

Comment 4 Harvey Muller 2006-07-24 13:23:56 UTC

UPDATE:  Although this 'seemed' to resolve the problem (tested on two different cards, only generating primary keys on the card), the problem continued to persist when I generated subkeys to add to the card.  The same general error was present.

Through trial and error, what seemed to help, was typing a bunch of junk into a dummy document to help increase random number generation, then generating a subkey.  I was able to create three subkeys on the card using this approach.  So maybe this is an issue with the application not getting enough random bits?  I don't know enough to be sure, but that's my hunch.

Comment 5 Alon Bar-Lev (RETIRED) gentoo-dev

2006-09-13 10:34:17 UTC

Hello,

I cannot really understand the problem.

Can you please try to add some more description?

Which cards do you use?
Which readers do you use?
Is there any other application where card work?
Do you use pcsc-lite reader drivers, or relay on gnupg ccid implementation?

Thanks!

Comment 6 Daniel Black (RETIRED) gentoo-dev

2006-09-19 14:23:12 UTC

As per comment #5 - need a bit more info. Please reopen when you attach it.

Comment 7 Xi 2024-09-22 02:43:04 UTC

This line in my ".gnupg/scdaemon.conf" file is causing the problem.

```
trust-model tofu+pgp
```

Comment 8 Xi 2024-09-22 02:44:14 UTC

(In reply to Xi from comment #7)
> This line in my ".gnupg/scdaemon.conf" file is causing the problem.
> 
> ```
> trust-model tofu+pgp
> ```

Oh...sorry, I replied on the wrong bug. Please ignore.