Page MenuHome GnuPG

Abort/Trap if Admin pin too short when doing on-card key gen
Closed, ResolvedPublic

Description

Release: 1.4.0

Environment

FreeBSD 5.3p2
Towitoko Serial Micro 110 V4.30 (PC/SC lite 1.2.0)

Description

During on-card (OpenPGP card) key generation, the admin code is asked.
If you enter a very small pin code like "123". GnuPG responds with "admin pin too short" but it will still ask you for a passphrase for the backup copy of the secret key.
Then it'll ask again for the Admin code. Entering the right admin code leads to Abort/Trap situation :
gpg: Ohhhh jeeee: ... this is a bug (keygen.c:917:write_keybinding)
secmem usage: 1408/3520 bytes in 2/15 blocks of pool 3936/32768
Abort trap

How To Repeat

The following can be repeated everytime. The only condition is to enter a very short admin pin when requested then a passphrase then the right Admin pin.

bash-2.05b$ gpg --card-edit
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

gpg: detected reader `Towitoko 0 0'
Application ID ...: D2760001240101000001000000F40000
Version ..........: 1.0
Manufacturer .....: PPC Card Systems
Serial number ....: 000000F4
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 3
Signature counter : 4
Signature key ....: F214 CFE1 F847 D3F4 2CF3 8A1A 7DA0 38C2 92A5 15E3
Encryption key....: 1478 6592 2772 8418 6D3A EC0B EC51 3B16 2A95 0CF3
Authentication key: 9CC3 7574 807D 52F4 DA25 6397 DAD3 EAAA 1AF4 BF8C
General key info..:
pub 1024R/92A515E3 2005-01-24 chipdrive4 <chip@drive4.com>

Command> admin
Admin commands are allowed

Command> generate
Make off-card backup of encryption key? (Y/n) Y

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
gpg: DBG: asking for PIN 'PIN'

PIN
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:

"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: test
Name must be at least 5 characters long
Real name: testtest
Email address: test@test.com
Comment:
You selected this USER-ID:

"testtest <test@test.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'

Admin PIN <------ ENTERED A VERY (TOO) SHORT ADMIN PIN (e.g 123)
gpg: PIN for CHV3 is too short; minimum length is 8
gpg: key generation failed: bad passphrase
You need a Passphrase to protect your secret key.

+++++
.+++++
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'

Admin PIN
gpg: NOTE: backup of card key saved to `/home/alpha/.gnupg/sk_42B4F5845239BCC9.gpg'

gpg: Ohhhh jeeee: ... this is a bug (keygen.c:917:write_keybinding)
secmem usage: 1408/3520 bytes in 2/15 blocks of pool 3936/32768
Abort trap
bash-2.05b$

Fix

Unknown

Event Timeline

werner added a subscriber: werner.

Discarded on authors request