Hi, I am trying to replace my "old" keypair with one stored on a smartcard. I have a SCM SPR-332 (reader with pinpad), which seems to work fine with gpg. I can list the cards’ contents, create signatures and I’m asked to enter the pin on the pinpad:

% gpg -u '3352C710!' -b -a gpgsign.c.old
-- I’m asked to enter the pin on the pinpad and do that
% gpg --verify gpgsign.c.old.asc
gpg: Signature made Fre 21 Sep 2012 12:34:52 CEST using RSA key ID 3352C710
gpg: Good signature from "Hendrik Niklas Jäger <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C899 4C00 FC3E 8048 4A06  AE7D F562 C121 DC25 6ED6
     Subkey fingerprint: 2CE9 418C 8088 A1A2 0B8D  0FE6 861F B11E 3352 C710

3352C710 is the keyid of my signing subkey on the card:

% gpg --list-secret-keys
/home/henk/.gnupg/secring.gpg
-----------------------------
sec   1024D/9914042F 2004-02-27
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
uid                  Hendrik Jaeger <[email protected]>
ssb   1024g/F22214D5 2004-02-27

sec#  2048R/DC256ED6 2012-08-23
uid                  Hendrik Niklas Jäger <[email protected]>
ssb>  2048R/3352C710 2012-08-29
ssb>  2048R/769C5F55 2012-08-29
ssb>  2048R/E091D806 2012-08-29

% gpg --edit-key dc256ed6
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/DC256ED6  created: 2012-08-23  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048R/3352C710  created: 2012-08-29  expires: 2013-08-29  usage: S
sub  2048R/769C5F55  created: 2012-08-29  expires: 2013-08-29  usage: E
sub  2048R/E091D806  created: 2012-08-29  expires: 2013-08-29  usage: S
[ unknown] (1). Hendrik Niklas Jäger <[email protected]>

So far everything is good. The problems seem to start when gpgme gets involved.

I noticed problems when trying to use the new key on the card for mail-signing in claws-mail and status-signing in psi, which both use gpgme. I was pointed to https://github.com/kylehuff/gpgme-snippets/blob/master/gpgsign/gpgsign.c for a simple signing tool using gpgme. I adjusted it a little to allow specifying the keyid to use; both versions are found on https://gist.github.com/3709761/b4812694312b4a34748a7098eb61f2f9f73635ff. The diff looks like this:

% diff gpgsign.c.old gpgsign.c
31a32 > gpgme_key_t secret_key; 64a66,73 > > // Find key to use > err = gpgme_get_key(ctx, keyID, &secret_key, 1); > fail_if_err (err); > > // Adding found key to signers > err = gpgme_signers_add(ctx, secret_key); > fail_if_err (err);

(I have almost no experience with C or GPGME, so I’d appreciate any advice on how to make that any better!)

It does not seem to work for my new key though:

% ./gpgsign 9914042f 'test test test'
Signing "test test test" with key 9914042f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

test test test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBcRMUACgkQ5PO/ypkUBC9nPgCfeK4N4j5/jB12l0q1dxEhSmL9
HWwAn1toIdL2pVcgZ2b0j7oAx1hzXG/4
=lk6b
-----END PGP SIGNATURE-----
Signature made with Key: 50F8BC65295CF4368BC9A3BAE4F3BFCA9914042F
Created: 1348224197; Expires 0
Validity: unknown; Signature Status: GOOD

% ./gpgsign dc256ed6 'test test test'
Signing "test test test" with key dc256ed6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test test test
gpgsign.c:153: GPGME: No data

I have absolutely no idea why that is happening or how to get it working properly. Am I doing something obviously wrong? What other information should I provide? Has anyone experienced similar problems and got them solved?

Thank you for reading and any comments!

Best regards
Hendrik
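
Review bot: in the 64a66,73 hunk of the diff quoted above, the key obtained from gpgme_get_key(ctx, keyID, &secret_key, 1) is never released. gpgme_signers_add takes its own reference on the key, so a gpgme_key_unref(secret_key) after the second fail_if_err (or in the program's cleanup path) would balance the reference that gpgme_get_key hands back. A second point on the same call: the runs shown pass 8-digit key IDs as keyID, and a short ID can match more than one key in a keyring, so accepting and documenting the full fingerprint as the argument would make the key selection unambiguous. The comment "Find key to use" could also say that the last argument, 1, restricts the lookup to secret keys.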
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
