Release: GnuPG 1.4.0
Environment
AMD 2800+
FreeBSD 5.3.0 Release
Gemplus GCR415 smart card reader
G10.code OpenPGP Card
Description
Errors are occurring during the on-card key generation process. The resulting keys are not usable.
gpg: please wait while key is being generated ...
gpg: key generation completed (26 seconds)
gpg: signing failed: wrong secret key used
gpg: make_keysig_packet failed: wrong secret key used
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (20 seconds)
gpg: signatures created so far: 0
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (14 seconds)
gpg: signatures created so far: 2
gpg: signatures created so far: 2
gpg: key 41ADB9DD marked as ultimately trusted
public and secret key created and signed.
How To Repeat
bash-2.05b$ gpg --card-edit
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: detected reader `GemPC410 0 0'
Application ID ...: D2760001240101000001000000110000
Version ..........: 1.0
Manufacturer .....: PPC Card Systems
Serial number ....: 00000011
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: 6F61 422F F950 173D 46F2 17D4 51FF D2A7 B4D0 9EF9
Encryption key....: 24BA 7364 DE14 4C4D C911 BBA6 CBE9 1A7D 6E7E 49F9
Authentication key: 5E74 FC83 8A12 8111 78F9 6BB4 B9C8 7460 32A1 539C
General key info..: [none]
Command> admin
Admin commands are allowed
Command> generate
Make off-card backup of encryption key? (Y/n) n
gpg: NOTE: keys are already stored on the card!
Replace existing keys? (y/N) y
gpg: DBG: asking for PIN 'PIN'
PIN
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: ONCARD-NOBACKUP
Email address:
Comment:
You selected this USER-ID:
"ONCARD-NOBACKUP"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'
Admin PIN
gpg: please wait while key is being generated ...
gpg: key generation completed (26 seconds)
gpg: signing failed: wrong secret key used
gpg: make_keysig_packet failed: wrong secret key used
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (20 seconds)
gpg: signatures created so far: 0
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (14 seconds)
gpg: signatures created so far: 2
gpg: signatures created so far: 2
gpg: key 41ADB9DD marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024R/41ADB9DD 2005-01-09
Key fingerprint = 7815 7459 657E 29C6 B2DA D89C C9C9 D516 41AD B9DD
uid ONCARD-NOBACKUP
sub 1024R/4D07C21C 2005-01-09
sub 1024R/504D2B68 2005-01-09
Command> toggle
Invalid command (try "help")
Command> help
quit       quit this menu
admin      show admin commands
help       show this help
list       list all available data
name       change card holder's name
url        change URL to retrieve key
fetch      fetch the key specified in the card URL
login      change the login name
lang       change the language preferences
sex        change card holder's sex
cafpr      change a CA fingerprint
forcesig   toggle the signature force PIN flag
generate   generate new keys
passwd     menu to change or unblock the PIN
Command> q
bash-2.05b$ gpg --edit-key
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
usage: gpg [options] --edit-key user-id [commands]
bash-2.05b$ gpg --edit-key ONCARD
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Secret key is available.
pub 1024R/41ADB9DD created: 2005-01-09 expires: never usage: CSEA
trust: ultimate validity: ultimate
sub 1024R/4D07C21C created: 2005-01-09 expires: never usage: E
sub 1024R/504D2B68 created: 2005-01-09 expires: never usage: A
[ultimate] (1). ONCARD-NOBACKUP
Command> toggle
sec 1024R/41ADB9DD created: 2005-01-09 expires: never
card-no: 0001 000000F4
ssb 1024R/4D07C21C created: 2005-01-09 expires: never
card-no: 0001 000000F4
ssb 1024R/504D2B68 created: 2005-01-09 expires: never
card-no: 0001 000000F4
(1) ONCARD-NOBACKUP
Command> q
bash-2.05b$ gpg -e -r ONCARD-NOBACKUP test4.txt
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: ONCARD-NOBACKUP: skipped: unusable public key
gpg: test4.txt: encryption failed: unusable public key
bash-2.05b$
Fix
Do not use on-card key gen (less secure?)
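Added example (not part of the original report and not GnuPG code): the transcript above ends with "public and secret key created and signed." even though two signing steps failed, so a saved transcript of the generate step can be scanned for failure lines before the key is trusted. The function name check_keygen_log and its summary format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scan a saved transcript of the card "generate" step for
# failure lines instead of relying on the final success banner.

# Sample input: the gpg lines quoted in the report above.
SAMPLE_LOG='gpg: please wait while key is being generated ...
gpg: key generation completed (26 seconds)
gpg: signing failed: wrong secret key used
gpg: make_keysig_packet failed: wrong secret key used
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (20 seconds)
gpg: signatures created so far: 0
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (14 seconds)
gpg: signatures created so far: 2
gpg: signatures created so far: 2
gpg: key 41ADB9DD marked as ultimately trusted
public and secret key created and signed.'

# check_keygen_log (hypothetical helper): reads a transcript on stdin,
# prints a one-line summary, and returns 0 only when no "... failed: ..."
# line was seen and the success banner is present.
check_keygen_log() {
    awk '
        /^gpg: key generation completed/ { generated++ }
        /^gpg: .* failed: /              { lines = lines (failed++ ? "," : "") NR }
        /^public and secret key created and signed/ { banner = 1 }
        END {
            if (lines == "") lines = "-"
            printf "generated=%d failed=%d banner=%d fail_lines=%s\n",
                   generated, failed, banner, lines
            exit (failed > 0 || !banner)
        }'
}

# Stand-alone run over the sample; the non-zero status marks the run as bad.
printf '%s\n' "$SAMPLE_LOG" | check_keygen_log || echo "key generation reported failures"
```

The pattern also matches the later "encryption failed: unusable public key" line, so the same function can be pointed at a transcript of a test encryption to the new key.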