Philip Jackson <philip.jack...@nordnet.fr> wrote: > I have the log file which I attach. > > It shows a number of reports of the same error (lines 89,91,97,99,101) > ERR 83886254 Unknown option <PINentry>, before it asks me for the pin > (line 111). It says 'confidential data not shown' three times but I only > entered the pin once. > > Can you determine anything from this ?
Not much. It fails just after sending a command to the card. It seems that there is some communication problem between host and card reader. How 'gpg --card-status' works? You can try to debug scdaemon by having .gnupg/scdaemon.conf: ============================= debug-level guru debug-all verbose debug-ccid-driver log-file /run/user/1000/scd.log ============================= Here is what we can see in your log. > 2017-09-11 18:10:21 gpg-agent[8972] gpg-agent (GnuPG) 2.1.11 started [...] gpg-agent started. > 2017-09-11 18:10:22 gpg-agent[8972] no running SCdaemon - starting it [...] And then, scdaemon started after PKDECRYPT command from gpg to gpg-agent. > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> SERIALNO > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- S SERIALNO > D2760001240102000005000028700000 0 > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK [...] Card works fine to answer its serial number. > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> PKDECRYPT OPENPGP.2 > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- INQUIRE NEEDPIN ||Please > enter the PIN > 2017-09-11 18:10:22 gpg-agent[8972] starting a new PIN Entry [...] gpg-agent asks PKDECRYPT command to scdaemon, and scdaemon inquires PIN for the authentication. > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETDESC Please enter the > PIN > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETPROMPT PIN > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK > 2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> [[Confidential data not > shown]] > 2017-09-11 18:10:23 gpg-agent[8972] SIGUSR2 received - updating card event > counter > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not > shown]] > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not > shown]] > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 -> BYE [...] This is interaction between pinentry and gpg-agent. SIGUSR2 (it means: a card is found) comes from scdaemon to gpg-agent, because scdaemon periodically checks if card is inserted. > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> END > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663395 Operation > cancelled <SCD> > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> CAN > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663571 Unknown IPC > command <SCD> > 2017-09-11 18:10:30 gpg-agent[8972] smartcard decryption failed: Operation > cancelled > 2017-09-11 18:10:30 gpg-agent[8972] command 'PKDECRYPT' failed: Operation > cancelled <SCD> > 2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_6 -> ERR 100663395 Operation > cancelled <SCD> [...] gpg-agent sends the PIN to scdaemon (until "END"), and I think that scdaemon sends command to the card through card reader. But it fails. There are two ways to access card reader for GnuPG. One is through PC/SC, and another is internal CCID driver of GnuPG. If it doesn't work well with PC/SC, it's worth to try the internal CCID driver (or vice virsa). -- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
