Pb with built-in CCID driver when performing on-card key generation
Closed, Resolved, Public

Description

Release: 1.4.0

Environment

FreeBSD 5.3.0
SCM SCR331 CCID SmartCard reader (latest firmware)
OpenPGP SmartCard

Description

I don't have any problem generating a key on-card using a serial reader for example (GCR415) on FreeBSD.
Now if I use the SCR331 CCID (firmware updated to the latest .18), I can go through the key generation but it fails at the end:

gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted

I remember having the same problem on a Windows machine with the same reader (maybe I should try with the --disable-ccid to see how it goes with PC/SC). As soon as I find another CCID reader, I'll give it a try too with the built-in CCID driver.

How To Repeat

ash-2.05b$ gpg --card-edit
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

Command> admin

Command> generate
Make off-card backup of encryption key? (Y/n) y

gpg: DBG: asking for PIN 'PIN'
PIN
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:

"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: ONCARDBIS
Email address: ggg@qol.qqq
Comment:
You selected this USER-ID:

"ONCARDBIS <ggg@qol.qqq>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'

Admin PIN
gpg: please wait while key is being generated ...
gpg: key generation completed (17 seconds)
gpg: signing failed: wrong secret key used
gpg: make_keysig_packet failed: wrong secret key used
You need a Passphrase to protect your secret key.

..+++++
+++++
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
gpg: failed to store the key: general error
gpg: storing key onto card failed: general error

gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: error reading application data
gpg: key generation failed: general error
Key generation failed: general error

Command>

gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted
gpg: ccid_transceive failed: (0x1000d)
gpg: apdu_send_simple(0) failed: aborted

Fix

Unknown

Release Note

Fixed in CVS by applying the SCM workaround also for later versions. We need to figure out a list of fixed firmware versions per reader type.

Event Timeline

Please run

gpg --card-status --debug-ccid-driver

and send me the output (private mail is fine). A

lsusb -v

with the parts pertaining to the SCR331 will also help.