Page MenuHome GnuPG

Trying to sign using SHA512 and a Nitrokey Pro 2 produces "Conditions of use not satisfied"
Closed, ResolvedPublic

Description

Hello,

When trying to sign things using gpg with my Nitrokey Pro 2 smart-card and SHA512 as the digest algorithm, the error signing failed: Conditions of use not satisfied appears. I initially reported this to the Nitrokey forums (see external link) and @szszszsz-nitrokey said it might be a problem with GnuPG, hence this bug report.
I believe I have confirmed that everything else is working as expected (see the strace transcripts in the external link), that the problem is specific to using SHA512, and that the problem occurs despite the smart-card supporting SHA512.

As per the request in the external link, I took some logs using scdaemon. They can be found at this GitHub gist.

I am happy to help investigate this further if need be. As far as I could tell, this issue has not already been reported.

My setup is as follows:

  • OS: Linux 5.7.11
  • GnuPG: 2.2.21
  • libgcrypt: 1.8.6
  • libnitrokey: 3.5
  • Nitrokey Pro 2 version: 3.3

All the best,
Thomas

Related Objects

Event Timeline

CodingCellist removed Version.
CodingCellist set Version to 2.2.21.
werner triaged this task as High priority.Aug 12 2020, 8:54 AM
werner added a project: gnupg (gpg22).
werner added a subscriber: werner.

You used --personal-digest-preferences to force the use of SHA-512, right?

Without that option the code would have selected SHA-384 as the matching hash algorithm for a brainpoolp385r1 curve. If you don't use a card truncation will happen and you use SHA-512 trunctated to 384 bit. A card, however, checks that the provided data matches the algorithm/curve and rejects the too long data.

The question is how we can solve this. I will consider to ignore the personal digest preferences and use the macthing hash algorithm. After all there is no security gain by using a truncated version.

werner claimed this task.

Fix will be in 2.2.22. Thanks for the report.

Awesome. Thank you for the explanation and for solving the issue.