Hi,
I've been successfully using OpenPGP smartcard for signing my Debian
uploads for a while now. Today I wanted to set it up also for SSH
public key authentication.
I'm using:
gnupg-2.0.17
libassuan-2.0.1
libgcrypt-1.4.6
libksba-1.1.0
pinentry-0.8.1
pinentry-qt-0.5.0
All installed into /usr/local. Signing files using gpg2 works excellent.
But when I try:
$ /usr/local/bin/gpg-agent -vv --daemon --enable-ssh-support --scdaemon-program
/usr/local/bin/scdaemon
gpg-agent[6534]: listening on socket `/tmp/gpg-sUL53i/S.gpg-agent'
gpg-agent[6534]: listening on socket `/tmp/gpg-x8sB4W/S.gpg-agent.ssh'
GPG_AGENT_INFO=/tmp/gpg-sUL53i/S.gpg-agent:6535:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-x8sB4W/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6535; export SSH_AGENT_PID;
gpg-agent[6535]: gpg-agent (GnuPG) 2.0.17 started
$ GPG_AGENT_INFO=/tmp/gpg-sUL53i/S.gpg-agent:6535:1; export GPG_AGENT_INFO;
$ SSH_AUTH_SOCK=/tmp/gpg-x8sB4W/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
$ SSH_AGENT_PID=6535; export SSH_AGENT_PID;
$ ssh shell.dug.net.pl
gpg-agent[6535]: ssh handler 0x96e9348 for fd 7 started
gpg-agent[6535]: received ssh request of length 1
gpg-agent[6535]: ssh request handler for request_identities (11) started
gpg-agent[6535]: no running SCdaemon - starting it
gpg-agent[6535]: DBG: first connection to SCdaemon established
gpg-agent[6535]: ssh request handler for request_identities (11) ready
gpg-agent[6535]: sending ssh response of length 183
gpg-agent[6535]: received ssh request of length 409
gpg-agent[6535]: ssh request handler for sign_request (13) started
gpg-agent[6535]: DBG: detected card with S/N D27600012401020000050000009E0000
gpg-agent[6535]: starting a new PIN Entry
gpg-agent[6535]: smartcard signing failed: Bad PIN
gpg-agent[6535]: ssh request handler for sign_request (13) ready
gpg-agent[6535]: sending ssh response of length 1
Agent admitted failure to sign using the key.
Password:
I get a pinentry-qt4 propmpt (just as for regular signing). But, as you
can see, gpg-agent says the PIN's been invalid.
At first I tried GnuPG shipped with Debian (gpg 2.0.14, libgcrypt 1.4.6). No
luck, so I compiled newest GnuPG and dependencies (see beginning of this
mail), but still doesn't work.
I'm not sure if key's preferences are important, but I changed them from
the default values to:
gpg> showpref
[ unknown] (1). Patryk Cisek <pat...@prezu.one.pl>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (2) Prezu <p...@interia.pl>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (3) Patryk Cisek <pat...@debian.org>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (4) Patryk Cisek <pat...@dug.net.pl>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ revoked] (5) Patryk Cisek <patr...@plusnet.pl>
Cipher: 3DES
Digest: SHA1
Compression: ZIP, Uncompressed
Features: Keyserver no-modify
[ unknown] (6) Patryk Cisek <patryk.ci...@gmail.com>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (7) Patryk Cisek <102...@student.pwr.wroc.pl>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
