Page MenuHome GnuPG
Create Task
Maniphest T5178

scdaemon will throw "app_decipher failed" if "gpg --card-status" not issued beforehand
Closed, ResolvedPublic
Actions

Description

Hello,
I use a Yubikey NEO to store gpg keys, and have been doing decryption commands (i.e. pass show) directly so gpg-agent presents me the pinentry and after the PIN is entered decryption works fine.

Unfortunately those decryption commands can't be entered directly anymore, the pin entry will not be shown, decryption will fail and scdaemon log will show an app_decipher failed invalid id error.

I can only get a pinentry screen if I first enter a gpg --card-status command. This way, decryption commands will work for as long as the cache is set.

I'm unsure if this started to happen after a software update or after an update I did on the key expiration date.

I have pcsclite installed and scdaemon.conf has a disable-ccid directive to use it. It seems to be working fine by running pcsc_scan.

Kind regards.

Details

Version
gnupg 2.2.24-1 on Arch Linux

Related Objects

Event Timeline

aleprovencio created this task.Dec 10 2020, 4:29 PM
aleprovencio created this object in space S1 Public.
werner closed this task as Resolved.Dec 11 2020, 10:04 AM
werner claimed this task.
werner added a project: Duplicate.
werner added a subscriber: werner.

See the release info over at T5052 which notes the problem. See T5140 for details and update to 2.2.25.