YubiKey 5 Nano GPG --card-edit verify command causes a segfault
Closed, Resolved | Public

Description

What should happen:
Running gpg2 --card-edit and then verify should probably just ask for my PIN. GPG's SSH agent can list my public keys and use them.

What happens:
Running gpg2 --card-edit and then verify causes a segfault.

I think this error is what also breaks gpg's SSH agent.

The same setup works with Windows and/or opensc.

OS: Fedora 33, latest everything

Details

Version
2.2.23
TaaviE created this task. Wed, Nov 18, 11:17 AM
werner added a subscriber: werner. Wed, Nov 18, 6:19 PM

We had some card-related regressions in 2.2.23. I would appreciate it if you could first test again with 2.2.24, which was released yesterday.

werner triaged this task as High priority. Thu, Nov 19, 8:41 AM
werner added a project: gnupg (gpg22).
gniibe claimed this task. Thu, Nov 19, 9:24 AM
gniibe added a subscriber: gniibe.

You have multiple readers and are using PC/SC by specifying reader-port.
We fixed it in master by T4998: scdaemon: PC/SC "No such device" without reader-port, and I didn't know similar fixes should be backported.
I will soon.

Building and installing 2.2.24 at least made it not crash; at the very least it's an improvement in that respect.

I looked at the gpg-agent.log; it indeed suggested the problem fixed in rG61aea64b3c17: scd: Fix the use case of verify_chv2 by CHECKPIN., which is included in 2.2.24.

If you encounter a problem like that in 2.2.22-2.2.24, please try doing gpg --card-status first, before actual use of card keys. Forthcoming 2.2.25 will fix all problems around that.

werner closed this task as Resolved. Mon, Nov 23, 7:59 PM