After upgrading to 2.2.22, my Nitrokey stopped being recognized by GnuPG automatically. If I attempt e.g. to decrypt a file, I get:
gpg: encrypted with 4096-bit RSA key, ID 580C5E1242C5AD46, created 2013-02-20
      "Michał Górny (Gentoo) <mgorny@gentoo.org>"
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key
Running gpg --card-status causes it to find the Nitrokey and start working correctly. However, in previous versions this worked out of the box.
I've been able to bisect this to the following commit:
commit d2f1a0a791db3eb03c003365cbcd010bd8066edb (HEAD, refs/bisect/bad)
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: 2020-08-27 03:41:51 +0200

    scd: Add condition for VERIFY with 0x82.

    * scd/app-openpgp.c (verify_chv2): Check availability of keys in
    question.

    --

    Backport master commit of:
        af189be481df02a77e088aa0a60a1fc02dfa12bf

    With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it
    fails decrementing the signature error counter. This change can avoid
    the issue.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This is Gentoo Linux. Problem reproduced with 2.2.22 and git STABLE-BRANCH-2-2.
The seemingly non-privacy-infringing portion of card-status:
Reader ...........: 20A0:4108:000000000000000000008655:0
Application ID ...: D2760001240103030005000086550000
Application type .: OpenPGP
Version ..........: 3.3
Manufacturer .....: ZeitControl