"passwd" on a subkey wipes out OpenPGP card stubs
Closed, ResolvedPublic

Description

Release: 1.4.0

Environment

Win2K and FreeBSD 5.3
SCM SCR331 CCID SmartCard reader (latest firmware) and Gemplus GRC415
OpenPGP SmartCard

Description

Assuming that I have :

  • primary signing key in OpenPGP card (RSA1024) (stub in local keyring)
  • encryption subkey (RSA1024) in OpenPGP card (stub in local keyring). Now if I add an additional encryption subkey (RSA1024) to my local keyring I have something like :

    pub 1024R/3186D0DD created: 2005-01-09 expires: never usage: CS trust: ultimate validity: ultimate sub 1024R/7FFB5067 created: 2005-01-09 expires: never usage: E sub 1024R/012BAB53 created: 2005-01-09 expires: never usage: E [ultimate] (1). TESTNUMBER4

    Command> toggle

    sec 1024R/3186D0DD created: 2005-01-09 expires: never card-no: 0001 000000F4 ssb 1024R/7FFB5067 created: 2005-01-09 expires: never card-no: 0001 000000F4 ssb 1024R/012BAB53 created: 2005-01-09 expires: never (1) TESTNUMBER4

    If I edit the keyring, select the last key added (external subkey) and do a passwd, the links to the smart card get wiped out for the two first keys and the key becomes unusable.

    sec 1024R/3186D0DD created: 2005-01-09 expires: never ssb 1024R/7FFB5067 created: 2005-01-09 expires: never ssb* 1024R/012BAB53 created: 2005-01-09 expires: never (1) TESTNUMBER4

How To Repeat

bash-2.05b$ gpg --edit-key TESTNUMBER4
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Secret key is available.

pub 1024R/3186D0DD created: 2005-01-09 expires: never usage: CS

trust: ultimate      validity: ultimate

sub 1024R/7FFB5067 created: 2005-01-09 expires: never usage: E
sub 1024R/012BAB53 created: 2005-01-09 expires: never usage: E
[ultimate] (1). TESTNUMBER4

Command> key 2

pub 1024R/3186D0DD created: 2005-01-09 expires: never usage: CS

trust: ultimate      validity: ultimate

sub 1024R/7FFB5067 created: 2005-01-09 expires: never usage: E
sub* 1024R/012BAB53 created: 2005-01-09 expires: never usage: E
[ultimate] (1). TESTNUMBER4

Command> toggle

sec 1024R/3186D0DD created: 2005-01-09 expires: never

card-no: 0001 000000F4

ssb 1024R/7FFB5067 created: 2005-01-09 expires: never

card-no: 0001 000000F4

ssb 1024R/012BAB53 created: 2005-01-09 expires: never
(1) TESTNUMBER4

Command> key 2

sec 1024R/3186D0DD created: 2005-01-09 expires: never

card-no: 0001 000000F4

ssb 1024R/7FFB5067 created: 2005-01-09 expires: never

card-no: 0001 000000F4

ssb* 1024R/012BAB53 created: 2005-01-09 expires: never
(1) TESTNUMBER4

Command> passwd
Please use the command "toggle" first.

Command> toggle

pub 1024R/3186D0DD created: 2005-01-09 expires: never usage: CS

trust: ultimate      validity: ultimate

sub 1024R/7FFB5067 created: 2005-01-09 expires: never usage: E
sub* 1024R/012BAB53 created: 2005-01-09 expires: never usage: E
[ultimate] (1). TESTNUMBER4

Command> passwd
Key is protected.
Enter the new passphrase for this secret key.

Command> list

pub 1024R/3186D0DD created: 2005-01-09 expires: never usage: CS

trust: ultimate      validity: ultimate

sub 1024R/7FFB5067 created: 2005-01-09 expires: never usage: E
sub* 1024R/012BAB53 created: 2005-01-09 expires: never usage: E
[ultimate] (1). TESTNUMBER4

Command> toggle

sec 1024R/3186D0DD created: 2005-01-09 expires: never
ssb 1024R/7FFB5067 created: 2005-01-09 expires: never
ssb* 1024R/012BAB53 created: 2005-01-09 expires: never
(1) TESTNUMBER4

===> card-no stubs for two first keys have disappeared!

Fix

Unknown

Release Note

Fixed in CVS

werner added a subscriber: werner.

Fixed in CVS. Related to #401

werner added a comment.Mar 7 2005, 1:00 PM

Fixed in 1.4.1rc2 and earlier

werner closed this task as Resolved.Mar 7 2005, 1:00 PM
werner removed a project: Testing.