keytocard: invalid value
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• ebo
	Feb 16 2023, 11:59 AM

Description

Start with a yubikey which already has OpenPGP keys on it. Either RSA or Brainpool.
Then try with keytocard to overwrite with the other type of key.
This results in

gpg: KEYTOCARD failed: Invalid value

Overwriting with the same key type is accepted.

Details

Version: 3.1.26, 3.2.0.0

Revisions and Commits

rG GnuPG
	rG4c456bf07508 scd:openpgp: Fallback to default ECDH params in writekey.
	rG1d472e4934b8 scd:openpgp: Print a diagnostic for the use of default ECDH params.
	rG92af3f88a9df gpg: Pass ECDH parameters to OpenPGP smartcards
	rGd03d0add1289 agent: Add optional ecdh parameter arg to KEYTOCARD.
	rGb262a21c617d scd:openpgp: Support the ecdh-params arg for writing keys.
	rGc03ba92576e3 gpg: Fix writing ECDH keys to OpenPGP smartcards.
	rGfa4f716917e5 gpg: Make sure that we are not accidently working with the PIV app.
	rG5118beeec18f gpg: Delete secret key after "keytocard".
	rG2e065b4bd2d3 scd,openpgp: Switch key attributes between RSA and ECC in writekey.
	rG706d557a6451 gpg: Delete secret key after "keytocard".
	rG2630872cff71 scd,openpgp: Switch key attributes between RSA and ECC in writekey.
	rG08cc34911470 gpg: Allow no version information of Yubikey

Related Objects
Search...

Status	Assigned	Task
Resolved	• werner	T6378 keytocard: invalid value
Resolved	• werner	T6382 keytocard fails to import a nistp384 ECDSA key
Open	• werner	T6465 Store the ECDH parameters in the key file
Open	• werner	T6620 Add a way to extract ECC key parameters from a public key

Event Timeline

• ebo created this task.Feb 16 2023, 11:59 AM

• werner triaged this task as Normal priority.Feb 17 2023, 7:53 AM

• werner added projects: gnupg22, Bug Report.

• werner mentioned this in T6382: keytocard fails to import a nistp384 ECDSA key.Feb 21 2023, 2:45 PM

• werner added a subtask: T6382: keytocard fails to import a nistp384 ECDSA key.Feb 21 2023, 3:09 PM

• werner moved this task from Backlog to WiP on the gnupg22 board.Mar 14 2023, 10:49 AM

• werner claimed this task.Mar 14 2023, 10:53 AM

• werner added a commit: rG08cc34911470: gpg: Allow no version information of Yubikey.Mar 14 2023, 11:35 AM

Ooops. We do not have the automatic chnage of key type in the WRITEKEY command of scdaemon. This is only done when generating a key.

• werner added a commit: rG2630872cff71: scd,openpgp: Switch key attributes between RSA and ECC in writekey..Mar 14 2023, 4:17 PM

Fixed in 2.2 need to check 2.4

• werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Mar 14 2023, 4:18 PM

• werner closed subtask T6382: keytocard fails to import a nistp384 ECDSA key as Resolved.

• werner added a commit: rG706d557a6451: gpg: Delete secret key after "keytocard"..Mar 15 2023, 9:37 AM

• werner added a commit: rG2e065b4bd2d3: scd,openpgp: Switch key attributes between RSA and ECC in writekey..Mar 15 2023, 9:43 AM

• werner added a commit: rG5118beeec18f: gpg: Delete secret key after "keytocard"..

• werner moved this task from Backlog to QA on the gnupg24 board.Mar 15 2023, 9:43 AM

• werner removed • werner as the assignee of this task.Mar 15 2023, 11:43 AM

• werner added a subscriber: • werner.

works in 3.1.27.0-beta44

• werner moved this task from QA to gnupg-2.2.42 on the gnupg22 board.Apr 4 2023, 10:18 AM

• werner edited projects, added gnupg22 (gnupg-2.2.42); removed gnupg22.

Test with GnuPG 2.4.1-beta76 failed with "error getting current key info: invalid name":

gpg> keytocard
Den Hauptschlüssel wirklich verschieben? (j/N) y
gpg: Fehler beim Holen der aktuellen Schlüsselinfo: Ungültiger Name

• ebo changed the task status from Testing to Open.Apr 12 2023, 2:37 PM

• ebo moved this task from QA to Backlog on the gnupg24 board.

• ebo moved this task from Backlog to WiP on the gnupg24 board.Apr 12 2023, 2:40 PM

• werner claimed this task.Apr 12 2023, 2:43 PM

Unfortunately I can't replicate that with my Yubikey on 2.4.1. Tried several variant and with and without keyboxd. My Yubikey has PIV disabled but I doubt that this is the problem.

my Yubikey works, too, if I disable PIV. With enabled PIV:

4 - 2023-04-13 11:43:26 scdaemon[2604]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 0'
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec -> S SERIALNO D2760001240100000006154932980000
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec -> OK
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec <- GETATTR SERIALNO
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: slot 0: have=piv want=piv keyref=[none]
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec -> S SERIALNO D2760001240100000006154932980000
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec -> OK
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec <- GETATTR KEY-FPR
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: slot 0: have=piv want=piv keyref=[none]
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: slot 0 app piv: calling getattr(KEY-FPR)
4 - 2023-04-13 11:43:26 scdaemon[2604]: DBG: chan_0x000002ec -> ERR 100663384 Ung�ltiger Name <SCD>

• werner added a commit: rGfa4f716917e5: gpg: Make sure that we are not accidently working with the PIV app..Apr 18 2023, 5:07 PM

To replicate the problem it is best to use Windows. Should be solved with my commit. Note that the bug is specific to 2.4 dues to irts multi-card and app support. There was no problem on 2.2.

• ebo changed the task status from Open to Testing.Apr 19 2023, 8:57 AM

• ebo mentioned this in T6464: No error message if PIN wrong on keytocard.Apr 21 2023, 11:15 AM

• werner mentioned this in T6465: Store the ECDH parameters in the key file.Apr 21 2023, 3:12 PM

• werner removed a subtask: T6465: Store the ECDH parameters in the key file.Apr 21 2023, 3:21 PM

• werner added a commit: rGc03ba92576e3: gpg: Fix writing ECDH keys to OpenPGP smartcards..Apr 21 2023, 3:29 PM