scdProject
ActivePublic

Watchers

  • This project does not have any watchers.

Recent Activity

Mon, Jan 11

werner triaged T5219: scd: Generating CSR for SigG NetKey card key fails as Low priority.

Lowered priority because in reality it is not possible to get a certificate for an arbitrary SigG key on the card. Only accredited CAs may issue certs and they want to keep full control over the key generation.

Mon, Jan 11, 8:35 PM · scd

Fri, Jan 8

werner closed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as Resolved.
Fri, Jan 8, 9:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Thu, Jan 7

ikloecker added a comment to T5219: scd: Generating CSR for SigG NetKey card key fails.

do_sign() calls find_fid_by_keyref() which does a switch_application(). So, I think the SigG application should already be active. But, yes, please have a look at it.

Thu, Jan 7, 4:11 PM · scd
werner added a comment to T5219: scd: Generating CSR for SigG NetKey card key fails.

We need to switch to the SigG application. Shall I look at it?

Thu, Jan 7, 12:04 PM · scd
ikloecker added a parent task for T5219: scd: Generating CSR for SigG NetKey card key fails: T5129: Kleopatra: Generate S/MIME CSR for NetKey card key.
Thu, Jan 7, 10:35 AM · scd
ikloecker created T5219: scd: Generating CSR for SigG NetKey card key fails.
Thu, Jan 7, 10:35 AM · scd

Wed, Jan 6

ikloecker added a commit to T5184: scd: Generating CSR for NetKey card key fails: rG7eef40cc1143: I meant "SHA-2 digests" in the previous commit..
Wed, Jan 6, 3:06 PM · scd
ikloecker closed T5184: scd: Generating CSR for NetKey card key fails as Resolved.
Wed, Jan 6, 12:22 PM · scd
ikloecker added a commit to T5184: scd: Generating CSR for NetKey card key fails: rG8fe976d5b9a0: scd:nks: Add support for signing plain SHA-3 digests..
Wed, Jan 6, 12:21 PM · scd

Tue, Jan 5

werner reassigned T5184: scd: Generating CSR for NetKey card key fails from werner to ikloecker.

It seems you have a pretty good understanding and also test cases at hand. May I ask you to apply the suggested pacthes to master?

Tue, Jan 5, 11:08 AM · scd
werner claimed T5184: scd: Generating CSR for NetKey card key fails.
Tue, Jan 5, 9:13 AM · scd

Fri, Dec 25

gniibe closed T5163: Cannot import NIST-P521 key to OpenPGP v3.3 smart card as Resolved.
Fri, Dec 25, 8:24 AM · Testing, gnupg, scd, Bug Report

Wed, Dec 23

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Already have set another, thanks gnibe! See ya!

Wed, Dec 23, 2:27 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please change your passphrase for your card, BTW.

Wed, Dec 23, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe changed the status of T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from Open to Testing.
Wed, Dec 23, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Good. The error recovery worked well.

Wed, Dec 23, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Tue, Dec 22

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..
$ gpg --card-status
$ gpgconf --kill scdaemon
$ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)

Tue, Dec 22, 5:43 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Mon, Dec 21

aheinecke closed T5186: SCD: Stable branch "Invalid ID" when attempting to sign with bp384 yubikey as Resolved.

Yes, that worked. Thanks for the tip and sorry for the noise ;-)

Mon, Dec 21, 11:11 AM · gnupg, scd
gniibe added a comment to T5186: SCD: Stable branch "Invalid ID" when attempting to sign with bp384 yubikey.

I think that ... For some reason, your private key file under .gnupg/private-keys-v1.d has wrong serial number.

Mon, Dec 21, 6:50 AM · gnupg, scd
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for your testing.
May I ask more test, please?

Mon, Dec 21, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Sun, Dec 20

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.

Sun, Dec 20, 2:19 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Fri, Dec 18

aheinecke created T5186: SCD: Stable branch "Invalid ID" when attempting to sign with bp384 yubikey.
Fri, Dec 18, 9:30 AM · gnupg, scd
ikloecker added a comment to T5184: scd: Generating CSR for NetKey card key fails.

Yes, makes sense. Although, you should use datalen = indatalen; in the last line (to prevent typos in the numbers).

Fri, Dec 18, 9:19 AM · scd

Dec 18 2020

gniibe added a comment to T5184: scd: Generating CSR for NetKey card key fails.

IIUC, for completeness, it would be good to add the lines like:

Dec 18 2020, 7:54 AM · scd

Dec 17 2020

ikloecker created T5184: scd: Generating CSR for NetKey card key fails.
Dec 17 2020, 3:08 PM · scd

Dec 16 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:55 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:25 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rG3c55e15cee4b: scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup..
Dec 16 2020, 2:18 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rG585cfca0a60b: scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR..
Dec 16 2020, 2:18 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 11 2020

gniibe added a commit to T5150: scd: For NetKey cards READKEY with keygrip fails: rG3b3926308813: scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref..
Dec 11 2020, 6:12 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Reading the code again, I think that some configuration of NKS card doesn't work well, when it has no certificates but keys (e.g. IDLM config).
I'm going to fix do_readkey as well (the approach #1).

Dec 11 2020, 1:13 AM · backport, gnupg (gpg23), scd

Dec 10 2020

ikloecker closed T5150: scd: For NetKey cards READKEY with keygrip fails as Resolved.

With little (mostly no) knowledge of NKS card, I think I fixed this issue.

Dec 10 2020, 10:39 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:

2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: interrupt callback 0 (2)
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: NotifySlotChange: 02
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: card removed
2020-12-10 11:23:05 scdaemon[7254] DBG: enter: apdu_get_status: slot=0 hang=0
2020-12-10 11:23:05 scdaemon[7254] DBG: leave: apdu_get_status => sw=0x1000c status=0
2020-12-10 11:23:05 scdaemon[7254] DBG: Removal of a card: 0
Dec 10 2020, 3:46 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5150: scd: For NetKey cards READKEY with keygrip fails: rG4020cd9d6562: scd:nks: Add support of KEYGRIP for do_readcert..
Dec 10 2020, 2:41 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Thanks a lot for your time to locate the problem. I took the approach of #2.

Dec 10 2020, 2:37 AM · backport, gnupg (gpg23), scd

Dec 9 2020

ikloecker closed T5161: scd: For NetKey cards KEYINFO with keygrip fails as Resolved.

This works now. Thanks.

Dec 9 2020, 12:23 PM · Testing, scd
ikloecker reassigned T5150: scd: For NetKey cards READKEY with keygrip fails from ikloecker to gniibe.

I'm not sure why I thought that it would work now. With current master I get

$ gpg-connect-agent "SCD READKEY --info-only -- 39400430E38BB96F105B740A7119FE113578B59D" /bye
ERR 100663414 Invalid ID <SCD>
Dec 9 2020, 12:19 PM · backport, gnupg (gpg23), scd
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rGf50373027222: scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup..
Dec 9 2020, 4:59 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a commit to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: rGffabc29d5ead: scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR..
Dec 9 2020, 4:43 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I checked the development log for the addition of:

libusb_clear_halt (handle->idev, handle->ep_intr);
Dec 9 2020, 4:35 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 12:57 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 9 2020, 12:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 8 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 8 2020, 11:44 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe renamed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from GnuPG 2.25 still have problems related to Yubikey. to GnuPG 2.25 still have problems related to Yubikey NEO..
Dec 8 2020, 12:01 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe triaged T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as High priority.
Dec 8 2020, 12:00 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Following device (a bit older than yours, I guess) works well:

DBG: ccid-driver: idVendor: 1050  idProduct: 0112  bcdDevice: 0334

When I configure it to OTP+FIDO+CCID, it also works for me, it is:

DBG: ccid-driver: idVendor: 1050  idProduct: 0116  bcdDevice: 0334
Dec 8 2020, 11:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thanks a lot.
Let me explain the situation.

Dec 8 2020, 2:33 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 7 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I changed the PIN, killed the gpg-agent and scdaemon, edited the scdaemon.conf to include your instruction, after, I run the following commands:

Dec 7 2020, 3:10 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for the information.
In the log, the driver detects removal of card wrongly.
That's the cause of this problem.

Dec 7 2020, 5:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report