Page MenuHome GnuPG

Cherry ST-2000U USB card reader keypad not working on Windows
Closed, ResolvedPublic

Description

I am trying to use the above reader on both win 7 and win 8.1 both 64 bit. I am
using the most recent gpg4win w/ 2.0.27. First, I can say that using Tails on
laptop (2.0.25), all works fine. Using win 7 from laptop, I am never prompted to
use pinpad, instead given input window. This does work when pin entered.
However, I have check and 'disable pin pad' is definitely not checked so should
be using pinpad. On win 8.1, I am propted to enter pin on pinpad, everything
fails. Even wrong pin seems to have no effect on counters. If I specifically
disable pinpad support, I get input window and operations go ahead.

Lack of pinpad entry is of course undesirable but I am additionally confused
that win 7 and win 8 appear to behave differently.

Please advise what logs/debugging you would require and how to enable. I am
reasonably competent but not overly familiar with gpg and its many options.

Details

Version
multiple

Event Timeline

beezle added a project: Bug Report.
beezle added a subscriber: beezle.

Thanks for your report. Now, I'm handling a bug report for Cherry ST-2000U on
GNU/Linux. After it will be fixed, I'll look this in detail.

Reading your report again, I found that it works on Tails, but not on Windows,
and the behavior is different between Windows 7 and Windows 8.1.
Which is somehow strange (for me).

Could you please test with following configuration?

  • .gnupg/scdaemon.conf

debug-level guru
debug-all

log-file /tmp/scd.log

Please change the filename /tmp/scd.log.
Thank you for your cooperation.

Hello,

I used the following options:

debug-level guru
debug-all
log-file /Temp/scd.log
enable-pinpad-varlen

Truncated output file showing two attempts to change the language from de to en
Notice no change in counters.

I also tried under FreeBSD and failed there as well which used the additional
debug-ccid-driver option

Of note, under FreeBSD, the orange light stays lit after entering the admin pin
(eventhough gpg2 rejects). Underwindows, it does not.

I include text here the FreeBSD reject just for comparison:

2015-06-25 19:43:18 scdaemon[11363] DBG: chan_5 <- SETATTR DISP-LANG en
2015-06-25 19:43:18 scdaemon[11363] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1
le=256 em=0
2015-06-25 19:43:18 scdaemon[11363] DBG: PCSC_data: 00 CA 00 C4 00
2015-06-25 19:43:18 scdaemon[11363] DBG: response: sw=9000 datalen=7
2015-06-25 19:43:18 scdaemon[11363] DBG: dump: 00 20 20 20 03 00 03
2015-06-25 19:43:18 scdaemon[11363] 3 Admin PIN attempts remaining before card
is permanently locked
2015-06-25 19:43:18 scdaemon[11363] DBG: check_pcsc_pinpad: command=20, r=0
2015-06-25 19:43:18 scdaemon[11363] DBG: prompting for pinpad entry '|A|Please
enter the Admin PIN'
2015-06-25 19:43:18 scdaemon[11363] DBG: chan_5 -> INQUIRE POPUPPINPADPROMPT

APlease enter the Admin PIN

2015-06-25 19:43:19 scdaemon[11363] DBG: chan_5 <- END
2015-06-25 19:43:19 scdaemon[11363] DBG: send secure: c=00 i=20 p1=00 p2=83
len=24 pinmax=25
2015-06-25 19:43:25 scdaemon[11363] pcsc_control failed: insufficient buffer
(0x80100008)
2015-06-25 19:43:25 scdaemon[11363] control_pcsc failed: 65538
2015-06-25 19:43:25 scdaemon[11363] DBG: dismiss pinpad entry prompt
2015-06-25 19:43:25 scdaemon[11363] DBG: chan_5 -> INQUIRE DISMISSPINPADPROMPT
2015-06-25 19:43:25 scdaemon[11363] DBG: enter: apdu_get_status: slot=0 hang=0
2015-06-25 19:43:25 scdaemon[11363] DBG: leave: apdu_get_status => sw=0x0
status=7 changecnt=1
2015-06-25 19:43:25 scdaemon[11363] DBG: chan_5 <- END
2015-06-25 19:43:25 scdaemon[11363] verify CHV3 failed: Invalid value
2015-06-25 19:43:25 scdaemon[11363] DBG: chan_5 -> ERR 100663351 Invalid value <SCD>

In GnuPG 2.1.6, for GNU/Linux and FreeBSD with PC/SC service, I think that I've
fixed an issue related to "insufficient buffer" error. I also fixed a problem
of internal CCID driver for GNU/Linux and others (not for Windows).

In the error of your sc.log (on Windows), the card reader returns 6700, which
means "wrong length". I don't know well, why this happens. If it's by similar
cause, the change introduced in 2.1.6 would improve situation.