Bug 145665 - sys-fs/cryptsetup - fails when trying access gnupg key on smartcard
Summary: sys-fs/cryptsetup - fails when trying access gnupg key on smartcard
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
: High normal
Assignee: Benjamin Smee (strerror) (RETIRED)
Reported: 2006-08-30 18:55 UTC by Nico
Modified: 2007-01-21 12:57 UTC
Attachments
patch for sys-fs/cryptsetup-0.1-r3 (patch,773 bytes, text/plain)
2006-08-30 18:56 UTC, Nico
Description Nico 2006-08-30 18:55:12 UTC
Hi,

when cryptfs is configured with a public encrypted key via the key= statement,
sys-fs/cryptsetup-0.1-r3 hangs when trying to access the secret gnupg key (stored on a smartcard) because
1. gnupg can't find its secret-keyring (no homedir) and
2. (in case a smartcard is used) the reader can't be accessed/found (no USB_DEVFS_PATH)

actual result: hangs on setting up dm-mapping
expected result: should ask for pw or card and pin

Workaround:
1. define --homedir /root/.gnupg in the gpg_options
2. define and export USB_DEVFS_PATH
see attachment

this should work on card readers set up via udev.

Cheers,
Nico

Note: This should be the case in sys-fs/cryptsetup-luks too
Comment 1 Nico 2006-08-30 18:56:46 UTC
Created attachment 95522
patch for sys-fs/cryptsetup-0.1-r3

diff -u /lib/rcscripts/addons/dm-crypt-start.sh /usr/portage/sys-fs/cryptsetup/files/dm-crypt-start.sh
Comment 2 SpanKY gentoo-dev 2006-08-31 23:29:29 UTC
no, the entire point of allowing people to set gpg_options is so that they do ... in other words, you should be using:
gpg_options="... --homedir ..."
in your config file

what is the point of the USBDEVPATH ?
Comment 3 Nico 2006-09-01 00:17:31 UTC
ok.

and without the USBDEVFSPATH gnupg can't access/find the (usb) smartcard reader. So it will fail, ending up in the while loop (in case the key is stored on a smartcard).

I don't know if it's correct to set the path this way at this special point, but it works for me.
Comment 4 SpanKY gentoo-dev 2006-09-01 00:57:07 UTC
what package are you using for reading the smartcard? gnupg must be using an external library for handling such details, right?
Comment 5 Nico 2006-09-01 02:06:03 UTC
afaik only libusb is required. the rest is handled with the internal ccid driver of gnupg.

on boot udev generates a normal usb devfile under /dev/bus/usb/xxx/xxx and gnupg can access it directly. normally gnupg gets the usbdevfspath from the env-var but in this case they are not set yet.

no libpcsclite, pcslite or something like that is needed
Comment 6 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2006-10-12 04:32:29 UTC
Given the current state of cryptsetup, you should be looking to use cryptsetup-luks. I've just put a new version in with some significant changes, check cryptsetup-luks.1.0.3-r3 and see how that goes. Let me know what changes need to be made in order to get your smart card working from that base please.
Comment 7 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2007-01-21 12:57:42 UTC
marking this as a won't fix, switch to cryptsetup-luks and let me know any problems you have there.
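
Added example, not part of this bug thread or the attached patch: a preflight for an early-boot script that checks the two conditions named in the description (a gpg home directory and a reachable USB reader node) before gpg is called, instead of letting the unlock loop stall. The function names are hypothetical, and using /dev/bus/usb as the USB_DEVFS_PATH value is an assumption drawn from comment 5.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. /root/.gnupg and /dev/bus/usb
# are the paths mentioned in the report and in comment 5.

# Print one line per unmet precondition; return 0 only if both are satisfied.
# $1 = gpg home directory, $2 = root of the USB device tree
gpg_boot_preflight() {
    homedir=$1
    usb_root=$2
    problems=0

    # Cause 1: without a home directory gpg cannot find its secret keyring.
    if [ ! -d "$homedir" ]; then
        echo "gpg homedir not found: $homedir"
        problems=$((problems + 1))
    fi

    # Cause 2: the reader is only reachable once udev has created its node
    # under <usb_root>/<bus>/<device>.
    reader_nodes=0
    for node in "$usb_root"/*/*; do
        if [ -e "$node" ]; then
            reader_nodes=$((reader_nodes + 1))
        fi
    done
    if [ "$reader_nodes" -eq 0 ]; then
        echo "no USB device nodes under: $usb_root"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Export USB_DEVFS_PATH for the gpg child process, keeping any value already set.
gpg_boot_export_usb() {
    if [ -z "${USB_DEVFS_PATH:-}" ]; then
        USB_DEVFS_PATH=$1
    fi
    export USB_DEVFS_PATH
}

# Usage in a boot script: only touch the environment when gpg can actually start.
if gpg_boot_preflight /root/.gnupg /dev/bus/usb; then
    gpg_boot_export_usb /dev/bus/usb
fi
```

The home directory itself is still passed to gpg through gpg_options in the config file, as comment 2 requires; the preflight only reports when that directory is not yet available at this point in the boot.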