
SCD: Invalid ID when decrypting with brainpool key
Closed, Invalid | Public

Description

With faked-system-time, I am using a signature v2 card which has both NISTP and Brainpool keys on it. Signing with Brainpool works.

2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- SERIALNO --demand=89490171500000274290
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> S SERIALNO 89490171500000274290
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> OK
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- SETDATA 04A9070BB4C0B3A31D146CAD59E341A063EA5EEB3E38EB37DBD186671A73ED1CDF74C2A96F152804271E929C6BF74A807E12A00E58F9B978C386B2E08BE74EA30C
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> OK
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- PKDECRYPT NKS-ESIGN.4531
2023-11-15 11:00:51 scdaemon[10852] nks: switching to eSign
2023-11-15 11:00:51 scdaemon[10852] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=10 le=-1 em=0
2023-11-15 11:00:51 scdaemon[10852] DBG: PCSC_data: 00 A4 04 0C 0A A0 00 00 01 67 45 53 49 47 4E
2023-11-15 11:00:51 scdaemon[10852] DBG:  response: sw=9000  datalen=0
2023-11-15 11:00:51 scdaemon[10852] DBG:      dump: [all zero]
2023-11-15 11:00:51 scdaemon[10852] operation decipher result: Ungültige ID
2023-11-15 11:00:51 scdaemon[10852] app_decipher failed: Ungültige ID
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> ERR 100663414 Ungültige ID <SCD>
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- RESTART
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> OK
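
One way to triage a log like the one above, as an added example that is not part of the original report or of GnuPG: it pairs each failed Assuan command with the APDUs and status words logged before the error and splits the numeric `ERR` value into its libgpg-error source and code. The function names are hypothetical, the log lines are copied from the report (the `SETDATA` line is omitted), and the source table lists only the one source seen here.

```python
import re

# Lines copied from the scdaemon debug log in this report (SETDATA omitted).
LOG = """\
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- PKDECRYPT NKS-ESIGN.4531
2023-11-15 11:00:51 scdaemon[10852] DBG: PCSC_data: 00 A4 04 0C 0A A0 00 00 01 67 45 53 49 47 4E
2023-11-15 11:00:51 scdaemon[10852] DBG:  response: sw=9000  datalen=0
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> ERR 100663414 Ungültige ID <SCD>
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 <- RESTART
2023-11-15 11:00:51 scdaemon[10852] DBG: chan_0x000002a4 -> OK
"""

GPG_ERR_SOURCES = {6: "SCD"}  # libgpg-error source number; only the one seen here

def split_gpg_error(value):
    """Split a 32-bit gpg-error value into (source, code)."""
    return (value >> 24) & 0x7F, value & 0xFFFF

def parse_short_apdu(hexbytes):
    """Parse a short command APDU that carries a data field (header, Lc, data)."""
    raw = bytes.fromhex(hexbytes.replace(" ", ""))
    cla, ins, p1, p2, lc = raw[:5]
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError("truncated APDU")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}

def triage(log):
    """Return failed Assuan commands with the APDUs and status words seen before the error."""
    failures, cmd, apdus, sws = [], None, [], []
    for line in log.splitlines():
        if m := re.search(r"chan_\S+ <- (\S+)(?: (.*))?$", line):
            cmd, apdus, sws = (m.group(1), m.group(2)), [], []  # new command starts
        elif m := re.search(r"PCSC_data: ([0-9A-F ]+)$", line):
            apdus.append(parse_short_apdu(m.group(1)))
        elif m := re.search(r"response: sw=([0-9A-F]{4})", line):
            sws.append(m.group(1))
        elif m := re.search(r"chan_\S+ -> ERR (\d+) ", line):
            src, code = split_gpg_error(int(m.group(1)))
            failures.append({"command": cmd, "source": GPG_ERR_SOURCES.get(src, src),
                             "code": code, "apdus": apdus, "status_words": sws})
    return failures

if __name__ == "__main__":
    for f in triage(LOG):
        print(f)
```

For this log the result shows a single APDU before the error, the ISO 7816-4 SELECT by DF name (`INS=A4`, `P1=04`) of the AID ending in ASCII `ESIGN`, answered with `9000`; the error value 100663414 splits into source 6 (SCD) and code 118, which is `GPG_ERR_INV_ID` in libgpg-error.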

Event Timeline

aheinecke created this task.

You can't decrypt using the Esign application on such a card. Please provide more information off-tracker.

Screenshot with details about the key in question. It might be a weird one since it does not have usage flags set. But this is the only brainpool key on my test card and it shows up for encryption in Kleopatra.

We decided that this is an invalid issue most likely related to the test cert / test card. We have tests done with real world Signature cards with brainpool and they worked.