Hello list,

I have issues using OpenPGP smart cards from "kernel concepts" with the Omnikey card reader integrated in a Cherry keyboard (Cherry XX44 USB keyboard).

I can read the smart card status:

$ gpg --card-status
Application ID ...: D27600012401020000050000102E0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000102E
Name of cardholder: John Dow
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: alex
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 5
Signature key ....: F14E 8ED6 2459 8260 9D0B D1F3 839F 90E1 8D22 1FF8
      created ....: 2011-08-09 09:38:42
Encryption key....: 1D98 37A5 BE5D 185F BDC0 AD1C 2D05 CC10 6206 765E
      created ....: 2011-08-09 09:38:42
Authentication key: 361B 505C DD7F 2F88 0C04 C5B1 BA91 2945 B68E 90D3
      created ....: 2011-08-09 09:38:42
General key info..: [none]

I can also change login data, PINs, etc. But I cannot generate keys:

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN

Please enter the PIN
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinri...@duesseldorf.de>"

Real name: John Dow
Email address:
Comment:
You selected this USER-ID:
    "John Dow"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: apdu_send_simple(0) failed: unknown status error
gpg: generating key failed
gpg: key generation failed: general error
Key generation failed: general error

gpg/card>

Using the existing key for authentication does not work either:

$ gpg-agent --enable-ssh-support --daemon --log-file /tmp/gpg-agent.log
$ ssh-add -L
The agent has no identities.
$ cat /tmp/gpg-agent.log
2011-08-09 11:47:02 gpg-agent[16906] listening on socket `/tmp/gpg-3QmD1w/S.gpg-agent'
2011-08-09 11:47:02 gpg-agent[16906] listening on socket `/tmp/gpg-YdDV3Y/S.gpg-agent.ssh'
2011-08-09 11:47:02 gpg-agent[16907] gpg-agent (GnuPG) 2.0.14 started
2011-08-09 11:47:14 gpg-agent[16907] ssh handler 0xff1d20 for fd 8 started
2011-08-09 11:47:14 gpg-agent[16907] ssh request 1 is not supported
2011-08-09 11:47:14 gpg-agent[16907] ssh request handler for request_identities (11) started
2011-08-09 11:47:14 gpg-agent[16907] no running SCdaemon - starting it
2011-08-09 11:47:14 gpg-agent[16907] DBG: first connection to SCdaemon established
gpg-agent[16907.10] DBG: -> GETINFO socket_name
gpg-agent[16907.10] DBG: <- D /tmp/gpg-XE8ndK/S.scdaemon
gpg-agent[16907.10] DBG: <- OK
2011-08-09 11:47:14 gpg-agent[16907] DBG: additional connections at `/tmp/gpg-XE8ndK/S.scdaemon'
gpg-agent[16907.10] DBG: -> OPTION event-signal=12
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> GETATTR $AUTHKEYID
gpg-agent[16907.10] DBG: <- S $AUTHKEYID OPENPGP.3
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> GETATTR SERIALNO
2011-08-09 11:47:15 gpg-agent[16907] SIGUSR2 received - updating card event counter
gpg-agent[16907.10] DBG: <- S SERIALNO D27600012401020000050000102E0000
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> READKEY OPENPGP.3
gpg-agent[16907.10] DBG: <- ERR 100663305 No public key <SCD>
2011-08-09 11:47:15 gpg-agent[16907] no suitable card key found: No public key
2011-08-09 11:47:15 gpg-agent[16907] ssh request handler for request_identities (11) ready
gpg-agent[16907.10] DBG: -> RESTART
gpg-agent[16907.10] DBG: <- OK
2011-08-09 11:47:15 gpg-agent[16907] ssh handler 0xff1d20 for fd 8 terminated

If I use SCM card readers with these cards, everything works just fine. I have some older smart cards from "kernel concepts"; they also work perfectly with both card readers (SCM and Omnikey in the Cherry keyboard).

Does anybody have the same problem? Is there a chance that we can use these OpenPGP cards with Cherry keyboards? (We have bought 100 smart cards and keyboards for our company.)

The system is Debian squeeze:

# dpkg --list | grep -i gnupg
ii  debian-archive-keyring  2010.08.28  GnuPG archive keys of the Debian archive
ii  gnupg                   1.4.10-4    GNU privacy guard - a free PGP replacement
ii  gnupg-agent             2.0.14-2    GNU privacy guard - password agent
ii  gnupg2                  2.0.14-2    GNU privacy guard - a free PGP replacement (new v2.x)
ii  libassuan-dev           1.0.5-1     IPC library for the GnuPG components
ii  libgpg-error-dev        1.6-1       library for common error values and messages in GnuPG components
ii  libgpg-error0           1.6-1       library for common error values and messages in GnuPG components
ii  libgpgme11              1.2.0-1.2   GPGME - GnuPG Made Easy
ii  libgpgme11-dev          1.2.0-1.2   GPGME - GnuPG Made Easy
ii  libkleopatra1           4:3.5.9-5   KDE GnuPG interface libraries
ii  pinentry-gtk            0.7.5-2.1   GTK+-based PIN or pass-phrase entry dialog for GnuPG
ii  pinentry-gtk2           0.8.0-1     GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
ii  python-gnupginterface   0.3.2-9.1   Python interface to GnuPG (GPG)
ii  seahorse                2.30.1-2    GNOME front end for GnuPG

thanks,

-- 
Oleksandr Shneyder
Dipl. Informatik
X2go Core Developer Team

email: oleksandr.shney...@obviously-nice.de
web: www.obviously-nice.de

--> X2go - everywhere@home
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users