Release: 1.4.0
Environment
FreeBSD 5.3p2
Towitoko Serial Micro 110 V4.30 (PC/SC lite 1.2.0)
CCID readers don't show this abort situation
Description
During on-card (OpenPGP card) key generation, the admin code is asked for.
If you enter a very small pin code like "123", GnuPG responds with "admin pin too short" but it will still ask you for a passphrase for the backup copy of the secret key.
Then it'll ask again for the Admin code. Entering the right admin code leads to an Abort/Trap situation:
gpg: Ohhhh jeeee: ... this is a bug (keygen.c:917:write_keybinding)
secmem usage: 1408/3520 bytes in 2/15 blocks of pool 3936/32768
Abort trap
How To Repeat
The following can be repeated every time with a PC/SC reader. The only condition is to enter a very short admin pin when requested, then a passphrase, then the right Admin pin.
bash-2.05b$ gpg --card-edit
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: detected reader `Towitoko 0 0'
Application ID ...: D2760001240101000001000000F40000
Version ..........: 1.0
Manufacturer .....: PPC Card Systems
Serial number ....: 000000F4
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 3
Signature counter : 4
Signature key ....: F214 CFE1 F847 D3F4 2CF3 8A1A 7DA0 38C2 92A5 15E3
Encryption key....: 1478 6592 2772 8418 6D3A EC0B EC51 3B16 2A95 0CF3
Authentication key: 9CC3 7574 807D 52F4 DA25 6397 DAD3 EAAA 1AF4 BF8C
General key info..:
pub 1024R/92A515E3 2005-01-24 chipdrive4 <chip@drive4.com>
Command> admin
Admin commands are allowed
Command> generate
Make off-card backup of encryption key? (Y/n) Y
gpg: NOTE: keys are already stored on the card!
Replace existing keys? (y/N) y
gpg: DBG: asking for PIN 'PIN'
PIN
Please specify how long the key should be valid.
      0 = key does not expire
   <n>  = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test
Name must be at least 5 characters long
Real name: testtest
Email address: test@test.com
Comment:
You selected this USER-ID:
"testtest <test@test.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'
Admin PIN <------ ENTERED A VERY (TOO) SHORT ADMIN PIN (e.g. 123)
gpg: PIN for CHV3 is too short; minimum length is 8
gpg: key generation failed: bad passphrase
You need a Passphrase to protect your secret key.
+++++
.+++++
gpg: 3 Admin PIN attempts remaining before card is permanently locked
gpg: DBG: asking for PIN '|A|Admin PIN'
Admin PIN
gpg: NOTE: backup of card key saved to `/home/alpha/.gnupg/sk_42B4F5845239BCC9.gpg'
gpg: Ohhhh jeeee: ... this is a bug (keygen.c:917:write_keybinding)
secmem usage: 1408/3520 bytes in 2/15 blocks of pool 3936/32768
Abort trap
bash-2.05b$
Fix
Unknown
Release Note
Will go into 1.4.1