Hi there,
I've been using OpenPGP smartcard to decrypt a keyfile to my drive
partition with gpg.
This worked until it broke after system upgrade some time around
November 2017 (I do not have the pacman pkg cache from that time).
> uname -a
Linux username 4.14.15-1-ARCH #1 SMP PREEMPT Tue Jan 23 21:49:25
UTC 2018 x86_64 GNU/Linux
> gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.2
_THE PROBLEM:_
> gpg --homedir "/etc/initcpio/gpg" -o "/keyfile.bin" --decrypt
"${key_file}"
The command above which is run inside custom initcpio hook fails with
status code: 2
And prints:
gpg: encrypted with <bit-length> RSA key, ID <key id>. created
<date> <owner name + email>
gpg: public key decryption failed: Invalid IPC response
gpg: decryption failed: No secret key
Interestingly enough, when I break into a shell with `break=premount`
kernel parameter and attempt to decrypt the keyfile by manually invoking
same set of commands, everything works. However the break=premount gets
triggered after the hook is run which might be why it works by that point.
The custom initcpio hook is available here:
https://github.com/fogine/initramfs-scencrypt
Particularly this line:
https://github.com/fogine/initramfs-scencrypt/blob/master/scencrypt-hook#L49
Note that before the decryption command, I run `gpg --card-status` which
successfully detects the smartcard and populates subkey secret stub.
These are hooks run at boot time (/etc/mkinitcpio.conf):
HOOKS="base udev autodetect modconf block filesystems keyboard fsck
scencrypt"
"scencrypt" being my custom hook.
I do not load any MODULES="" (in /etc/mkinicpio.conf) before the hooks
are run.
I struggle with debuging this issue, does anybody have an idea how I
could proceed further?
Thank you.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
