On Thu, 2018-02-08 at 19:47 -0500, Daniel Kahn Gillmor wrote: > Control: severity 889751 serious > > Hi Corsac-- > > On Wed 2018-02-07 11:28:42 +0100, Yves-Alexis Perez wrote: > > On Tue, 2018-02-06 at 20:42 +0100, Yves-Alexis Perez wrote: > > > > > since the recent 2.2.4-2 upgrade, when trying to use my smartcard (auth > > > key for SSH for example), I get: > > > > > > févr. 06 20:37:35 scapa gpg-agent[1793]: scdaemon[26257]: verify CHV2 > > > failed: Bad PIN > > > févr. 06 20:37:35 scapa gpg-agent[1793]: scdaemon[26257]: app_auth > > > failed: Bad PIN > > > févr. 06 20:37:35 scapa gpg-agent[1793]: smartcard signing failed: Bad > > > PIN > > > > > > even though I'm sure it's the right PIN. > > ugh, i'm sorry to hear this. > > > > At that point I'm a little reluctant in doing another try because it's > > > the last one before I need to get my admin PIN. > > > > Downgrading scdaemon, gpg-agent and gpgconf to 2.2.4-1 fixes the problem. > > If > > you need more information, please ask. > > I think the main likely culprit is > debian/patches/scd-Support-KDF-Data-Object-of-OpenPGPcard-V3.3.patch, > which was cherry-picked from upstream. > > Can you give more detail about what specific smartcard you have?
It's the setup described on https://www.corsac.net/?rub=blog&post=1588 so a JavaCard running the SmartPGP applet from https://github.com/ANSSI-FR/smartPGP I'm adding Arnaud to the loop because he's the main developer, and I can actually see that the last commit (https://github.com/ANSSI-FR/SmartPGP/commit /78d769b671e429b6e3e7b2454b869a66f269741f) seems very relevant. So maybe the bug actually lies here rather than in scdaemon. > > can you try rebuilding with that patch removed and testing that? If > you'd prefer i upload something to experimental for you to try without > having to rebuild, let me know and i'll do that. Yes, I can try a rebuild and report back, but I'll first investigate SmartPGP. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part