scd: For NetKey cards KEYINFO with keygrip fails
Closed, Resolved (Public)


This is with master. This does actually happen when trying to generate an OpenPGP public key for NetKey card keys with "gpg --quick-gen-key --yes card", where this makes gpg/pinentry ask for the card that is already inserted, but it's easier/faster to reproduce as follows (the first few SCD commands may not be necessary):
Plug in the card reader (I have an IDENTIV SPR332 V2) and insert the NetKey card. Then run:

$ gpg-connect-agent "SCD SERIALNO --all" /bye
S SERIALNO 89490173300026616520

$ gpg-connect-agent "SCD LEARN --keypairinfo" /bye
S CHV-STATUS -4+0+-4+0
S KEYPAIRINFO 39400430E38BB96F105B740A7119FE113578B59D NKS-NKS3.4531 sa - rsa2048
S KEYPAIRINFO 42C3CA6F9D7A725A59DDE06B16B61E88C62777C4 NKS-NKS3.45B1 e - rsa2048
S KEYPAIRINFO 20E7CB1D5299669CABF29B103C692AB34CB03528 NKS-NKS3.45B2 e - rsa1024
S KEYPAIRINFO A69B0D3796EE33E4426E5CE4B6BEEE5F1209FBA4 NKS-SIGG.4531 se - rsa2048

$ gpg-connect-agent "SCD KEYINFO 39400430E38BB96F105B740A7119FE113578B59D" /bye
ERR 100663323 Not found <SCD>

Maybe a similar fix as for T5150 is needed.
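
The reproduction above, turned into a repeatable check. This is an added example, not code from the reporter or from GnuPG: it reads the keygrips that "SCD LEARN --keypairinfo" advertises and reports every one that "SCD KEYINFO" then fails to look up. The function names and the field layout (keygrip, then key reference) are assumptions read off the transcript above.

```python
import subprocess

HEX = set("0123456789ABCDEF")

def scd(command):
    """Send one SCD command via gpg-connect-agent and return its output lines."""
    proc = subprocess.run(
        ["gpg-connect-agent", f"SCD {command}", "/bye"],
        capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()

def parse_keypairinfo(lines):
    """Map keygrip -> key reference from 'S KEYPAIRINFO <keygrip> <keyref> ...'."""
    keys = {}
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and fields[:2] == ["S", "KEYPAIRINFO"]:
            grip = fields[2].upper()
            # Accept only well-formed keygrips (40 hex digits) before they
            # are placed into a follow-up command.
            if len(grip) == 40 and set(grip) <= HEX:
                keys[grip] = fields[3]
    return keys

def first_error(lines):
    """Return the text after 'ERR ' from the first error line, else None."""
    for line in lines:
        if line.startswith("ERR "):
            return line[4:].strip()
    return None

def unresolved_keygrips(run=scd):
    """Return {keygrip: (keyref, error)} for keys LEARN lists but KEYINFO rejects.

    'run' is any callable taking an SCD command string and returning output
    lines, so the check can be driven by a recorded transcript as well.
    """
    failures = {}
    advertised = parse_keypairinfo(run("LEARN --keypairinfo"))
    for grip, keyref in advertised.items():
        err = first_error(run(f"KEYINFO {grip}"))
        if err is not None:
            failures[grip] = (keyref, err)
    return failures

if __name__ == "__main__":
    for grip, (keyref, err) in unresolved_keygrips().items():
        print(f"{keyref} {grip}: {err}")
```

An empty result means every advertised keygrip can be looked up; with the behaviour reported here, the output names the affected key reference and the error text.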

gniibe added a subscriber: gniibe. Edited Dec 2 2020, 9:13 AM

I can't see how it occurs. "SCD KEYINFO" and "SCD READKEY" with keygrip both go through exactly the same code path (the difference is only the "action" argument).

Does "SCD READKEY <KEYGRIP>" also fail in the situation "SCD KEYINFO" fails?

gniibe added a comment. Edited Dec 3 2020, 7:44 AM

I found a bug which resulted in "Not Found <SCD>" when "SCD KEYINFO" is used with "--data" or "--".
It is fixed in rG54b88ae46062: scd: Fix KEYINFO command with --data option..

gniibe claimed this task. Dec 3 2020, 8:26 AM
gniibe added a project: Testing.

I think that T5150 was also not fixed completely.

I pushed another fix of rG87d2c579cc38: scd:nks: Fix caching keygrip (more)., which fixes both cases, hopefully.

gniibe triaged this task as Normal priority. Dec 3 2020, 8:26 AM
ikloecker closed this task as Resolved. Dec 9 2020, 12:23 PM

This works now. Thanks.