Re: “Hardware problem” with OpenPGP smart card
On Mon, 7 Dec 2020 23:37, Nicolas Boullis said:

> Hence, I think my card is really dead.

yeah :-(

> I see that the card includes a signature counter (which reads 89), hence
> I understand the card has to write the EEPROM (to update the counter)

Yes, this is one reason to write to the EEPROM. However, this is a way too
low number for a failure. A few years ago we had a similar report and the
Zeitcontrol folks did some testing. A 10 operations were not a problem
at all. From my understanding the EEPROM of the chip used by Zeitcontrol
allows for much more r/w cycles than what you usually get from an average
Atmel or so microcontroller. Anyway, my STM32 based Gnuk token did
about 8000 signing operations with the first key.

> between 1,000 and 10,000 authentications with that card. I think it
> might be sufficient to wear an EEPROM.

Nope.

> Also, the card reports 2 tries left for the PIN code, which means that
> my last try to unlock the unlock the pin was a failure. Did the card
> somehow fail updating the retry counter? (Either when I typed the wrong

It failed. Smartcards handle verification by first decrementing the
retry counter, running the verify, and on success incrementing the retry
counter. This is so that a power glitch can't be used to trick out the
retry counter. This method explains why you see 2.

> If there’s anything I can do to investigate that failure, please tell
> me.

The card should not allow you to investigate things even after a
failure.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
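The ordering Werner describes, as an added example that is not part of the original message or of any card's firmware: a constructed C model of a retry counter that compares decrement-before-compare with compare-before-decrement when power is lost right after the comparison. The struct, the function names, the PIN values and the reset-to-maximum on success are assumptions made for the illustration.

```c
#include <string.h>
#define MAX_TRIES 3
enum result { PIN_OK, PIN_WRONG, PIN_BLOCKED, POWER_LOST };
/* Constructed card model: 'tries' stands in for the retry counter in EEPROM. */
struct card { int tries; const char *pin; };
typedef enum result (*verify_fn)(struct card *, const char *, int);

/* Order described in the thread: spend a try first, compare, restore on success.
 * power_cut != 0 simulates losing power right after the comparison. */
enum result verify_decrement_first(struct card *c, const char *guess, int power_cut)
{
    if (c->tries == 0) return PIN_BLOCKED;
    c->tries--;                            /* committed before the compare */
    int ok = strcmp(guess, c->pin) == 0;
    if (power_cut) return POWER_LOST;      /* the try stays spent */
    if (!ok) return PIN_WRONG;
    c->tries = MAX_TRIES;                  /* assumption: restore = reset to max */
    return PIN_OK;
}

/* Weak order for contrast: compare first, record the failure afterwards. */
enum result verify_compare_first(struct card *c, const char *guess, int power_cut)
{
    if (c->tries == 0) return PIN_BLOCKED;
    int ok = strcmp(guess, c->pin) == 0;
    if (power_cut) return POWER_LOST;      /* the failure is never recorded */
    if (!ok) { c->tries--; return PIN_WRONG; }
    c->tries = MAX_TRIES;
    return PIN_OK;
}

/* Wrong guesses processed when every attempt is interrupted (capped at limit). */
int interrupted_guesses_until_blocked(verify_fn verify, int limit)
{
    struct card c = { MAX_TRIES, "123456" };   /* constructed PIN */
    int n = 0;
    while (n < limit && verify(&c, "000000", 1) != PIN_BLOCKED) n++;
    return n;
}

/* Tries left after one interrupted verify with the correct PIN on a fresh card. */
int tries_after_interrupted_verify(verify_fn verify)
{
    struct card c = { MAX_TRIES, "123456" };
    verify(&c, "123456", 1);
    return c.tries;
}

int main(void) { return tries_after_interrupted_verify(verify_decrement_first) == 2 ? 0 : 1; }
```

With the decrement-first order the model blocks after three interrupted guesses and shows 2 tries left after a single verify that never completed; with the compare-first order the counter never moves.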
Re: Security-Token: "No secret key" unless "gpg --card-status" first
On Tue, 8 Dec 2020 10:03, Patrick Ben Koetter said:

> $ gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel (gpg: decryption failed: No secret key)

> $ gpg --version
> gpg (GnuPG) 2.2.24

Please update to 2.2.25 because of

  * scd: Fix regression in 2.2.24 requiring gpg --card-status before
    signing or decrypting. [#5065]

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Security-Token: "No secret key" unless "gpg --card-status" first
Greetings,

my PGP secret key is stored on a Yubikey security token and until recently I
would simply plug it into my computer and use it to encrypt/decrypt data.

This stopped working and now all I get is this unless I command gpg first to
list the card status using "gpg --card-status":

$ gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel

I'm not familiar with all the components that need to play together for this
to work "plug & play", so I figured I'd start here first and find out if gpg
requires some change in config to let it use the security token immediately.

I'm on ARCH Linux and the software installed and hardware used is:

$ gpg --version
gpg (GnuPG) 2.2.24
libgcrypt 1.8.7

$ ykinfo -v
version: 5.1.2

$ ykman --version
YubiKey Manager (ykman) version: 3.1.1
Libraries:
    libykpers 1.20.0
    libusb 1.0.23

$ gpg --card-status
Reader ...: 1050:0407:X:0
Application ID ...: D276000124010201000609507516
Application type .: OpenPGP
Version ..: 2.1
Manufacturer .: Yubico
Serial number : 09507516
Name of cardholder: Patrick Ben Koetter
Language prefs ...: [nicht gesetzt]
Salutation ...: Hr.
URL of public key : [nicht gesetzt]
Login data ...: p...@sys4.de
Signature PIN : nicht zwingend
Key attributes ...: rsa2048 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key : [none]
Encryption key: 74B5 --redacted--
      created : 2014-03-28 16:28:13
Authentication key: [none]
General key info..: sub rsa4096/3AB431AF62D277F5 2014-03-28 Patrick Ben Koetter
sec rsa4096/5677226BCD1FD704 erzeugt: 2014-03-28 verfällt: niemals
ssb> rsa4096/3AB431AF62D277F5 erzeugt: 2014-03-28 verfällt: niemals
     Kartennummer:0006 09507516

TIA,

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein