On 05/01/2010 04:52 PM, Stanislav Sidorenko wrote:
> Hi!
>
> I've tried to use SHA256 digest for signing using openpgp V2 smartcard and got
> the following error:
>
> gpg: checking created signature failed: bad signature
> gpg: signing failed: bad signature
> gpg: signing failed: bad signature
>
> It happens only if gpg uses gpg-agent which is configured to use scdaemon for
> accessing smartcards.
>
> If I disable gpg-agent usage (--no-use-agent switch) and enter card PIN code
> in the console then signing with SHA256 works perfectly. In case of enabled
> gpg-agent only SHA1 and RIPEMD160 can be used. It looks like an issue in
> gpg-agent or scdaemon.
>
> The issue was found on gpg 1.4.10 and gpg-agent 2.0.14.
>
> Thanks,
>
> Stanislav
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Interesting, indeed. I unfortunately had to change my prefs when I got my openpgp v2 card since I was using gpg2 and the agent is required. So is this currently just an issue with gpg-agent?

If I'm reading section 7.2.8.1 [Hash Algorithms] in the OpenPGP smart application PDF correctly it seems only OpenPGP cards <2.0 are limited to SHA1 & RIPEMD-160.

"The following hash algorithms are supported by RFC 4880 and can be used as input in the DSI. However the card may not check the integrity of a DSI. Cards with Version < 2.0 support RIPEMD-160 and SHA-1 only and may check it, so other hash algorithms cannot be used."

Or is this saying >=2.0 OpenPGP cards can generate SHA2 hashes but cannot verify them?

--
__________________________________
Chris Ruff
email: jcr...@gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0 DC1B FD21 25BC 0621 F585
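
The DSI mentioned in the spec passage quoted above, as an added example that is not part of the original thread: for RSA signatures the host computes the hash and hands the card a DER DigestInfo, which is what the card signs. The prefixes are the ones listed in RFC 4880 section 5.2.2; `card_accepts` is a hypothetical model of the quoted rule (it assumes a pre-2.0 card does check the DSI and a 2.0 card does not), not card firmware or GnuPG code.

```python
import hashlib

# DER DigestInfo prefixes for RSA PKCS#1 v1.5 signatures (RFC 4880, section 5.2.2).
# The last byte of each prefix is the length of the digest that follows it.
DIGESTINFO_PREFIX = {
    "ripemd160": bytes.fromhex("3021300906052b2403020105000414"),
    "sha1":      bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256":    bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Algorithms the quoted spec text allows on cards with version < 2.0.
V1_CARD_ALGOS = {"ripemd160", "sha1"}


def build_dsi(algo, digest):
    """Wrap a raw digest in its DigestInfo header, as the host does before
    asking the card for a signature."""
    prefix = DIGESTINFO_PREFIX[algo]
    if len(digest) != prefix[-1]:
        raise ValueError(f"{algo} digest must be {prefix[-1]} bytes, got {len(digest)}")
    return prefix + digest


def identify_dsi(dsi):
    """Return the algorithm name if dsi is a well-formed DigestInfo for one of
    the known algorithms, else None (wrong header or wrong total length)."""
    for algo, prefix in DIGESTINFO_PREFIX.items():
        if dsi.startswith(prefix) and len(dsi) == len(prefix) + prefix[-1]:
            return algo
    return None


def card_accepts(dsi, card_version):
    """Hypothetical model of the quoted rule: a card below 2.0 checks the DSI
    and only knows RIPEMD-160 and SHA-1; a 2.0 card signs it unchecked."""
    if card_version >= (2, 0):
        return True
    return identify_dsi(dsi) in V1_CARD_ALGOS


if __name__ == "__main__":
    message = b"constructed sample message"  # constructed input
    for algo in ("sha1", "sha256"):
        dsi = build_dsi(algo, hashlib.new(algo, message).digest())
        print(algo, len(dsi), "bytes;",
              "v1.1 card:", card_accepts(dsi, (1, 1)),
              "v2.0 card:", card_accepts(dsi, (2, 0)))
```

The SHA-256 DSI is 51 bytes against 35 for SHA-1 and RIPEMD-160, so any component between gpg and the card that assumes the shorter form will mishandle it.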