
gpg --card-edit cuts secret keys
Hi,

I've a public key with two subkeys. I transferred one of the subkeys (0x6F5B8616ACB0354B) to a YubiKey 5 NFC and then restored my ~/.gnupg directory.

After that, every time I call "gpg --card-edit", the subkey previously transferred to the Yubikey is truncated without warning. This is an infinite loop. If I restore the ~/.gnupg directory from a backup and run "gpg --card-edit", the key is shortened again.


Initial setup
=============

# LANG=C gpg --version
gpg (GnuPG) 2.2.41
libgcrypt 1.10.2-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/carsten/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


# LANG=C gpg --list-secret-keys --with-keygrip 0x033AA0B393AFAE6C
sec rsa4096/0x033AA0B393AFAE6C 2013-10-16 [SC] [expires: 2028-09-02]
D17696EEDCFEC2038171D953033AA0B393AFAE6C
Keygrip = AB143A7B31FBB715329D5083B317D1581B591975
uid [ultimate] Carsten Grohmann <carstengrohmann@gmx.de>
uid [ultimate] Carsten Grohmann <carsten@grohmann-online.de>
uid [ultimate] Carsten Grohmann <mail@carstengrohmann.de>
ssb rsa4096/0x6F5B8616ACB0354B 2013-10-16 [E] [expires: 2028-09-02]
Keygrip = 541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8
ssb rsa4096/0x468E025260DD710F 2023-09-04 [S] [expires: 2028-09-02]
Keygrip = AA95FFE1C4A1522B819ED8AF89E9390B61D49F68

# ll ~/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key
-rw------- 1 carsten carsten 2055 5. Feb 2015 /home/carsten/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key


Executing "gpg --card-edit"
===========================

# LANG=C gpg --card-edit

Reader ...........: <deleted>
Application ID ...: <deleted>
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: <deleted>
Name of cardholder: Carsten Grohmann
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://carstengrohmann.de/download/carstengrohmann.pub
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: DD36 8F14 0651 75DE B159 3980 6F5B 8616 ACB0 354B
created ....: 2013-10-16 19:39:54
Authentication key: [none]
General key info..:
sub rsa4096/0x6F5B8616ACB0354B 2013-10-16 Carsten Grohmann <carstengrohmann@gmx.de>
sec rsa4096/0x033AA0B393AFAE6C created: 2013-10-16 expires: 2028-09-02
ssb> rsa4096/0x6F5B8616ACB0354B created: 2013-10-16 expires: 2028-09-02
card-no: 0006 18031866
ssb rsa4096/0x468E025260DD710F created: 2023-09-04 expires: 2028-09-02



Check the result - key is truncated
===================================

# LANG=C gpg --list-secret-keys --with-keygrip 0x033AA0B393AFAE6C
sec rsa4096/0x033AA0B393AFAE6C 2013-10-16 [SC] [expires: 2028-09-02]
D17696EEDCFEC2038171D953033AA0B393AFAE6C
Keygrip = AB143A7B31FBB715329D5083B317D1581B591975
uid [ultimate] Carsten Grohmann <carstengrohmann@gmx.de>
uid [ultimate] Carsten Grohmann <carsten@grohmann-online.de>
uid [ultimate] Carsten Grohmann <mail@carstengrohmann.de>
ssb> rsa4096/0x6F5B8616ACB0354B 2013-10-16 [E] [expires: 2028-09-02]
Keygrip = 541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8
ssb rsa4096/0x468E025260DD710F 2023-09-04 [S] [expires: 2028-09-02]
Keygrip = AA95FFE1C4A1522B819ED8AF89E9390B61D49F68

# ll ~/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key
-rw------- 1 carsten carsten 1237 10. Sep 20:48 /home/carsten/.gnupg/private-keys-v1.d/541DBB9E9190F1692E1EE65F14ADB13B5B0C9EA8.key


Is this an expected behaviour? Can I control it?

Regards,
Carsten

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg --card-edit cuts secret keys
Hi Carsten,

On Sunday, 10 September 2023 20:56:44 CEST Carsten Grohmann via Gnupg-users wrote:
> Is this an expected behaviour? Can I control it?

If by "truncated" you mean "shadowed", then it is this bug:
https://dev.gnupg.org/T6386

It will be fixed for the 2.2 branch in 2.2.42.

The bug does not occur in the stable 2.4 branch, which is the recommended
branch to use.

Regards,

Eva

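What Eva calls a "shadowed" key is a stub in ~/.gnupg/private-keys-v1.d that keeps only the public parameters plus a reference to the card, which is why the file in Carsten's report shrinks from 2055 to 1237 bytes while the keygrip stays the same. The script below is an added example (not from this thread and not part of GnuPG) that classifies such a key file by its outer S-expression tag, so a user can check whether a backup still holds full key material before running card-edit on an affected 2.2 release. The tag names, the canonical S-expression layout and the newer text "Key:" header layout are assumptions drawn from GnuPG's agent key-file format; the sample blobs are constructed and contain no real key material.

```python
import re
import sys
from pathlib import Path
from typing import Dict, Optional

# Outer S-expression tags gpg-agent uses for files in private-keys-v1.d
# (assumption based on GnuPG's agent key-file format).
KNOWN_TAGS = {
    b"private-key": "unprotected private key (full key material)",
    b"protected-private-key": "passphrase-protected private key (full key material)",
    b"shadowed-private-key": "shadow stub only (key material lives on the card)",
}

# Constructed sample blobs (not real keys): a passphrase-protected key and a
# shadow stub in canonical binary layout, plus a stub in the text layout that
# starts with a "Key:" header.
SAMPLE_PROTECTED = (
    b"(21:protected-private-key(3:rsa(1:n5:\x00\xab\xcd\xef\x01)(1:e3:\x01\x00\x01)"
    b"(9:protected25:openpgp-s2k3-sha1-aes-cbc)))"
)
SAMPLE_STUB = (
    b"(20:shadowed-private-key(3:rsa(1:n5:\x00\xab\xcd\xef\x01)(1:e3:\x01\x00\x01)"
    b"(8:shadowed5:t1-v1(11:placeholder1:1))))"
)
SAMPLE_EXT = (
    b"Key: (shadowed-private-key (rsa (n #00ABCDEF01#)(e #010001#)\n"
    b"  (shadowed t1-v1 (#placeholder# 1))))\n"
    b"Created: 20130101T000000\n"
)


def first_canonical_atom(data: bytes) -> Optional[bytes]:
    """Return the first atom of a canonical S-expression, e.g. the 21-byte
    atom in b'(21:protected-private-key...'; None if the prefix is malformed
    or the declared length runs past the end of the data."""
    m = re.match(rb"\((\d+):", data)
    if not m:
        return None
    length = int(m.group(1))
    atom = data[m.end():m.end() + length]
    return atom if len(atom) == length else None


def outer_tag(data: bytes) -> Optional[bytes]:
    """Extract the outer tag from either on-disk layout."""
    if data.startswith(b"("):
        return first_canonical_atom(data)
    # Text layout: a line 'Key: (<tag> ...' carries the S-expression.
    m = re.search(rb"^Key:\s*\(([A-Za-z0-9-]+)", data, re.M)
    return m.group(1) if m else None


def classify_key_blob(data: bytes) -> str:
    """Human-readable verdict for one key file's contents."""
    tag = outer_tag(data)
    if tag is None:
        return "unrecognised file layout"
    return KNOWN_TAGS.get(tag, "unknown tag " + tag.decode("ascii", "replace"))


def is_shadow_stub(data: bytes) -> bool:
    """True when the file holds only a card reference, not the private key."""
    return outer_tag(data) == b"shadowed-private-key"


def scan_private_keys_dir(directory) -> Dict[str, str]:
    """Map each <keygrip>.key file in the directory to its classification."""
    results = {}
    for path in sorted(Path(directory).glob("*.key")):
        results[path.stem] = classify_key_blob(path.read_bytes())
    return results


if __name__ == "__main__":
    # Usage: python3 keyfile_check.py [<key file or private-keys-v1.d dir>]
    target = (Path(sys.argv[1]) if len(sys.argv) > 1
              else Path.home() / ".gnupg" / "private-keys-v1.d")
    if target.is_dir():
        for keygrip, verdict in scan_private_keys_dir(target).items():
            print(f"{keygrip}  {verdict}")
    else:
        print(f"{target.name}  {classify_key_blob(target.read_bytes())}")
```

Run it against a restored backup directory before invoking card-edit: a keygrip reported as "shadow stub only" means the backup itself no longer contains that subkey, whereas "full key material" confirms the backup is intact and the stub seen afterwards was produced by the card-edit run.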
Re: gpg --card-edit cuts secret keys
Hi Eva,

13.09.2023 10:18:36 Eva Bolten via Gnupg-users <gnupg-users@gnupg.org>:

> if you mean by truncated shadowed, then it is this bug:
> https://dev.gnupg.org/T6386
This bug matches the observed behaviour.

> The bug does not occur in the stable 2.4. branch which is the recommended
> branch to use.

I switched to the current 2.4 release and "gpg --card-edit" works as
expected.

Thank you for your support.

Regards,
Carsten
