
gpg --card-status does NOT create secret key stubs
Closed, Invalid
Public

Description

The issue is the same as the one reported for gpg 2.1.21 HERE, which was fixed in 2.1.22.
I upgraded the Arch Linux gnupg package to 2.2.4 and the issue seems to be back again.

> gpg --version

gpg (GnuPG) 2.2.4
libgcrypt 1.8.2

Note that gpg --card-status fails to create secret key stubs when no real secret key is present on a computer.
This is the case, for example, when you connect the smart card to a new computer and fetch your public key:

> gpg --homedir /tmp/.gnupg --card-edit
gpg/card> fetch
gpg: requesting key from '...someurl'
gpg: /tmp/.gnupg/trustdb.gpg: trustdb created
gpg: key A3AA60EA350A63A4: public key "userid" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg/card> quit



> gpg --homedir /tmp/.gnupg --card-status --debug-all

gpg: DBG: chan_5 -> SCD GETATTR KEY-ATTR
gpg: DBG: chan_5 <- S KEY-ATTR 1 1 rsa2048 32 1
gpg: DBG: chan_5 <- S KEY-ATTR 2 1 rsa2048 32 1
gpg: DBG: chan_5 <- S KEY-ATTR 3 1 rsa2048 32 1
gpg: DBG: chan_5 <- OK
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: AAA20: 'A176 8EAE 3A4C ACF2 2566  6A3B 2CD9 4A7A 642A EAE2'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => EOF
gpg: DBG: [not enabled in the source] keydb_search leave (not found)
gpg: DBG: [not enabled in the source] stop


Signature key ....: signaturekeyid
      created ....: date
Encryption key....: encryptionkeyid
      created ....: date
Authentication key: authenticationkeyid
      created ....: date
General key info..: [none]

As you can see above, gpg --card-status fails to find the key and does not create stubs.
I use an OpenPGP smartcard, Version 2.1.

Details

Version
2.2.4

Event Timeline

gniibe triaged this task as Normal priority.
Edited Jan 22 2018, 11:34 AM

I use Debian stretch. It works for me with GnuPG 2.2.4.
The stub is created at the time when --card-edit accesses the card.
When I type RET after the fetch command, it shows the key information.

Even if I remove $GNUPGHOME/private-key-v1d/*, --card-status recreates the stubs again.

This is the second time you have claimed this bug, but I can't replicate it. I wonder if you have another factor (of change) for the environment of GnuPG.

My apologies, after the system upgrade, multiple things around gnupg broke and I got distracted and forgot to check the fetched public key, which somehow didn't contain subkey data.
This particular issue has been resolved by updating the upstream public key.
Thank you for your assistance.
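
The last comment traces the failure to a fetched public key that lacked subkey data, which matches the debug log above where the keydb_search for the card's fingerprint ends in "not found". The check below is an added example, not part of the thread or of GnuPG: it compares the fingerprints in `gpg --card-status --with-colons` output with those in `gpg --list-keys --with-colons` output and lists the card slots the keyring does not know. The function names are hypothetical and the sample records are constructed.

```python
# Added example: which card key slots have no matching key in the public keyring?
SLOTS = ("signature", "encryption", "authentication")

def card_fingerprints(card_colons):
    """Slot -> fingerprint from `gpg --card-status --with-colons` output."""
    for line in card_colons.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr":
            # One record carries all three slots; an empty field is an empty slot.
            return {s: f.upper() for s, f in zip(SLOTS, fields[1:4]) if f}
    return {}

def keyring_fingerprints(keys_colons):
    """Primary and subkey fingerprints (field 10 of each fpr record) from
    `gpg --list-keys --with-colons` output."""
    return {
        fields[9].upper()
        for fields in (line.split(":") for line in keys_colons.splitlines())
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]
    }

def slots_without_public_key(card_colons, keys_colons):
    """Card slots whose fingerprint is absent from the public keyring."""
    known = keyring_fingerprints(keys_colons)
    return [s for s, f in card_fingerprints(card_colons).items() if f not in known]

# Constructed sample data (not taken from the report), trimmed to the records used.
PRIMARY, SIG, ENC, AUT = ("A" * 40, "B" * 40, "C" * 40, "D" * 40)
CARD = f"fpr:{SIG}:{ENC}:{AUT}:\n"
# A published key that carries only the primary key, as in the last comment.
STALE_KEYRING = (
    f"pub:-:4096:1:{PRIMARY[-16:]}:1500000000:::-:::cSC:\n"
    f"fpr:::::::::{PRIMARY}:\n"
)
# The same key after the published copy was updated to include its subkeys.
FRESH_KEYRING = STALE_KEYRING + "".join(
    f"sub:-:2048:1:{fpr[-16:]}:1500000000::::::{cap}:\nfpr:::::::::{fpr}:\n"
    for fpr, cap in ((SIG, "s"), (ENC, "e"), (AUT, "a"))
)

if __name__ == "__main__":
    for label, keyring in (("stale", STALE_KEYRING), ("fresh", FRESH_KEYRING)):
        missing = slots_without_public_key(CARD, keyring)
        print(label, missing or "all card keys found")
```

On a real setup, pass the captured output of the two gpg commands instead of the sample strings; any slot that is listed points at a public key copy that needs refreshing before stubs can be expected.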