Comments (8)
alonbl
commented on August 17, 2024
Why do you add the following parameters?
provider-utimaco-private-mask 0
openpgp-sign 8E3F2428B781C1D84862D0543545DA1AC411AA54
from gnupg-pkcs11-scd.
psztoch
commented on August 17, 2024
provider-utimaco-private-mask 0
Isn't zero default value?! Nevertheless, I commented.
penpgp-sign 8E3F2428B781C1D84862D0543545DA1AC411AA54
I thought I should add this. Without it, card-status works without problem, but then "card-edit / admin / generate" generates an error.
gpg --card-status
gpg: WARNING: server 'scdaemon' is older than us (0.9.3_master < 2.2.27)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
Reader ...........: [none]
Application ID ...: D2760001240111503131E848EB1B1111
Application type .: OpenPGP
Version ..........: 11.50
Manufacturer .....: ?
Serial number ....: E848EB1B
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa48 rsa48 rsa48
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
gpg --card-edit
(...)
gpg/card> admin
Admin commands are allowed
gpg/card> generate
(...)
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key generation failed: Bad session key
Key generation failed: Bad session key
gpg/card>
My sub keys is detected properly with ">":
gpg -K --with-subkey-fingerprint --with-keygrip
/root/.gnupg/pubring.kbx
------------------------
sec# rsa4096 2018-11-14 [SC] [expires: 2038-11-09]
68A1CCA9D09289608707E02A5B1B91B3668C9F09
Keygrip = C8C1D1BFA04FF264B6FCDE344A9101B6C9A0A4F3
uid [ultimate] EtherMatic Repository <[email protected]>
ssb> rsa4096 2021-05-09 [S] [expires: 2029-05-07]
FC5013CAA0A3B871F3F708E8F248520952DB247B
Card serial no. = 3131 E848EB1B
Keygrip = 8E3F2428B781C1D84862D0543545DA1AC411AA54
from gnupg-pkcs11-scd.
psztoch
commented on August 17, 2024
I have problem with PIN.
If I configure my Utimaco PKCS #11 library, and put PIN into their config file /etc/cs_pkcs11_R2.cfg, then all works fine!
And openpgp-sign should not be set. :-)
After changing the PKCS11 configuration, just remember to kill the gpg agent. Without it, everything works on the old configuration and you can lose heart. ;-)
from gnupg-pkcs11-scd.
alonbl
commented on August 17, 2024
Logs
from gnupg-pkcs11-scd.
psztoch
commented on August 17, 2024
Is it possible to use gpg-preset-passphrase --preset -P PIN KEY_GRIP for PIN to PKCS#11 slot?
I want to use gpg --sign for batch signing (APT repository), and pinentry is not solution for me.
from gnupg-pkcs11-scd.
alonbl
commented on August 17, 2024
Refer[1] as an example.
[1] https://github.com/alonbl/gnupg-pkcs11-scd/blob/master/misc/pinentry-file
from gnupg-pkcs11-scd.
alonbl
commented on August 17, 2024
Hi,
Can you please check the https://github.com/alonbl/pkcs11-helper/tree/always-auth with the https://github.com/alonbl/gnupg-pkcs11-scd/tree/pincache branch? It should solve the yubikey issue.
Thanks,
@alonbl
from gnupg-pkcs11-scd.
alonbl
commented on August 17, 2024
Should work with gnupg-pkcs11-scd-0.9.3
from gnupg-pkcs11-scd.
Related Issues (20)
- gpg 2.3.x regression HOT 25
- Select slot/token and env for library in configuration HOT 9
- Documentation Isuse for Yubikey with OpenSC HOT 5
- Yubikey - Multiple PIV Certs encryption/signing issue HOT 8
- Problem in loading keys to the gpg HOT 8
- 9.3 release segfaults on PKAUTH command
- 9.3 release always requires PIN for signing operation HOT 7
- gpg2 --card-status fails to list any key HOT 4
- why importing same key from same token in different machine lead to different keyids HOT 1
- Instructions on compiling for Windows HOT 3
- Cannot sign, asks PIN-code, but no success HOT 9
- Support for PKCS#11 Modules without Certificates HOT 14
- gpg --expert --full-generate-key fails to recognize card HOT 1
- Command GETATTR APPTYPE and $DISPSERIALNO is not implemented HOT 13
- Can this interface support Yubikey 5? HOT 11
- gpg --sign not triggering pin entry using a key with 'always authenticate' HOT 10
- ERR 41 Wrong public key algorithm <Unspecified source> HOT 6
- [Nitrokey HSM2] gpg --expert --full-generate-key returns: gpg: signing failed: Card error HOT 3
- gpg --card-status shows different results when used with scdaemon and gnupg-pkcs11-scd HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gnupg-pkcs11-scd.