Page MenuHome GnuPG
Create Task
Maniphest T1229

gpg-agent prevents sha256 digests with pgp card v2
Closed, ResolvedPublic
Actions

Description

The gpg-agent somehow prevent the use of the SHA2 digest family when using
openpgp smartcards version 2.

If you try to create a >=sha256 signature gnupg refuses to sign the message:

gpg: checking created signature failed: Bad signature
gpg: signing failed: Bad signature

If you bypass the agent with gnupg v1 signing works without problem:

$ gpg --disable-ccid --no-use-agent -vas --digest-algo sha256

If gpg-agent tries to connect to the pcsc daemon signing will not work. If gnupg
conntects via pcsc it works.

Event Timeline

joke added projects: gnupg, Bug Report.May 22 2010, 3:08 PM
joke added a subscriber: joke.
werner added a subscriber: werner.May 31 2010, 5:27 PM

Version numbers of gpg, gpg-agent and scdaemon are ...

joke added a comment.May 31 2010, 10:35 PM

It doesn't work with both gnupg version if they are connecting via scdaemon/pcscd.

ubuntu lucid amd64:

/usr/bin/gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),

AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), 
CAMELLIA256 (S13)

Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),

SHA512 (H10), SHA224 (H11)

Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

/usr/bin/gpg2 --version
gpg (GnuPG) 2.0.14
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),

AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), 
CAMELLIA256 (S13)

Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),

SHA512 (H10), SHA224 (H11)

Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

joke added a comment.May 31 2010, 10:36 PM

gpg-agent --version
gpg-agent (GnuPG) 2.0.14
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

scdaemon (GnuPG) 2.0.14
libgcrypt 1.4.4
libksba 1.0.7
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pcscd --version
pcsc-lite version 1.5.3.
Copyright (C) 1999-2002 by David Corcoran <corcoran@linuxnet.com>.
Copyright (C) 2001-2008 by Ludovic Rousseau <ludovic.rousseau@free.fr>.
Copyright (C) 2003-2004 by Damien Sauveron <sauveron@labri.fr>.
Report bugs to <muscle@lists.musclecard.com>.
Enabled features: Linux libusb usbdropdir=/usr/lib/pcsc/drivers confdir=/etc
ipcdir=/var/run/pcscd

werner closed this task as Resolved.Sep 28 2010, 4:35 PM
werner claimed this task.

This has been fixed in the SVN.