Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Error messages reconfiguring an OpenPGP smartcard
gnupg-users at gnupg
Sep 4, 2021, 3:11 AM
Post #1 of 4 (468 views)
Permalink
I've tried to follow the patchwork documentation to reconfigure my OpenPGP card, but rather than continue wasting time, I thought I'd reach out for help.

According to gpg --card-status, I have an OpenPGP card v. 2.1 made by LogoEmail (that's not from whom I bought it, so I'm not sure if the information is even correct).

I'm trying to follow https://gnupg.org/howtos/card-howto/en/smartcard-howto.html . I get to part 3.3. When I type "generate" and enter the requested information, I get the following output after a brief pause:

gpg: signing failed: Invalid value
gpg: make_keysig_packet failed: Invalid value
Key generation failed: Invalid value

I've searched for these error messages and cannot find anything helpful. When I run gpg --card-status again, the signature and authentication keys seem to be updated, but the encryption key is not. Furthermore, General key info reads [none]. Again, if there's documentation to say whether this output is correct or not, I haven't found it in over two hours.

I'm on Debian testing, if that's relevant. Can I get some troubleshooting guidance to understand this output and why I cannot generate a new encryption key?

Also, I believe that, after generating the keys, I need to import them into my keyring. This isn't documented in the How-to, and it really should be. Could I get a brief explanation on how to do so if I don't generate an off-card backup of the encryption key?

With thanks,

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error messages reconfiguring an OpenPGP smartcard [ In reply to ]
bernhard at intevation
Sep 24, 2021, 3:15 AM
Post #2 of 4 (467 views)
Permalink
Hi Borden,

Am Samstag 04 September 2021 12:11:34 schrieb Borden via Gnupg-users:
> Can I get some troubleshooting guidance to understand this output and why
> I cannot generate a new encryption key?

in general, increasing verbosity helps to understand better what is going on.

For most GnuPG command line tools, this means to add "--verbose" or the short
form "-v" to the command line. A second "-v" will give you more data.
Then there is the group of "--debug" options which will give you even more
insights. Check the documentation to see what they actually do.

(And be careful when posting those verbose information, it my contain sensible
parts if higher debug levels are used.)

Regards,
Bernhard



--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attached Files:

Re: Error messages reconfiguring an OpenPGP smartcard [ In reply to ]
gnupg-users at gnupg
Sep 27, 2021, 10:37 AM
Post #3 of 4 (464 views)
Permalink
On Sat, 4 Sep 2021 12:11, Borden said:

> According to gpg --card-status, I have an OpenPGP card v. 2.1 made by
> LogoEmail (that's not from whom I bought it, so I'm not sure if the

Note that re-configuring a card is only possible with certain cards; it
is an optional feature of the specification. I don't know the card from
www.scardsolutions.com - you may want to ask them what they implement.

If gpg --card-status -v does not hsow any hints and you have the time,
you can add some debugging options: Add these lines to
~/.gnupg/scdameon.conf:

--8<---------------cut here---------------start------------->8---
log-file /some/where/scd.log
verbose
debug ipc,reader,cardio
--8<---------------cut here---------------end--------------->8---

and

gpgconf --kill scdaeemon

then try again and have a look at the log file. We might be able to
help anlyzing the log but we would see the PINs etc.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

Re: Error messages reconfiguring an OpenPGP smartcard [ In reply to ]
gnupg-users at gnupg
Sep 27, 2021, 5:53 PM
Post #4 of 4 (464 views)
Permalink
Thank you for the feedback and suggestions. As happens in most open source software, a few updates and weeks later, key regeneration worked just fine. So the error may have been some library mismatch.

Updating the beginner documentation with these debugging suggestions may divert some amateurs like me from bothering the list. I didn't come across these suggestions in my search. In fact, it may be worthwhile to update the code proper to suggest these debugging options when it throws general errors - since it's evident that the information I posted wasn't all that helpful in troubleshooting the problem.

With thanks,

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal