Hello,
When trying to sign things using gpg with my Nitrokey Pro 2 smart-card and SHA512 as the digest algorithm, the error "signing failed: Conditions of use not satisfied" appears. I initially reported this to the Nitrokey forums (see external link) and @szszszsz-nitrokey said it might be a problem with GnuPG, hence this bug report.
I believe I have confirmed that everything else is working as expected (see the strace transcripts in the external link), that the problem is specific to using SHA512, and that the problem occurs despite the smart-card supporting SHA512.
As per the request in the external link, I took some logs using scdaemon. They can be found at this GitHub gist.
I am happy to help investigate this further if need be. As far as I could tell, this issue has not already been reported.
My setup is as follows:
- OS: Linux 5.7.11
- GnuPG: 2.2.21
- libgcrypt: 1.8.6
- libnitrokey: 3.5
- Nitrokey Pro 2 version: 3.3
All the best,
Thomas