Page MenuHome GnuPG
Create Task
Maniphest T4177

card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN
Closed, ResolvedPublic
Actions

Description

This is a long standing bug (only occurs in the transition of changing by "forcesig", though).

To reproduce (assumption is it's "force" state for signing authentication):

$ gpg --clearsign -v some.txt && rm -f some.txt.asc
# Success here, card implementation resets its authentication state after signing,
# But GnuPG considers wrongly card auth state is still "authenticated"
$ gpg --card-edit
gpg/card> admin
gpg/card> forcesig             # this makes card "not forced"
gpg/card> quit
$ gpg --clearsign some.txt
# Here, the card actually require authentication, but GnuPG wrongly considers it's not needed, so...
signing failed: Bad PIN
# The card behavior is correct rejecting signing

Revisions and Commits

rG GnuPG
rG78f542e1f449 scd: Fix signing authentication status.
rG7e2b0488d135 scd: Fix signing authentication status.

Related Objects

Event Timeline

gniibe created this task.Oct 15 2018, 3:56 AM
gniibe updated the task description. (Show Details)
gniibe updated the task description. (Show Details)Oct 15 2018, 3:59 AM
gniibe changed the task status from Open to Testing.Oct 15 2018, 4:24 AM
gniibe added a commit: rG7e2b0488d135: scd: Fix signing authentication status..Oct 15 2018, 4:25 AM
gniibe added a commit: rG78f542e1f449: scd: Fix signing authentication status..
gniibe renamed this task from card: After "forcesig" command makes "not forced", signing fails by: Bad PIN to card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.Oct 15 2018, 10:36 AM
werner mentioned this in T4233: GnuPG 2.2.11 release.Nov 6 2018, 12:42 PM
gniibe closed this task as Resolved.Dec 13 2018, 3:44 PM