Re: Mac Pinentry problem

2017-03-22 Thread Peter Lebbing
On 17/03/17 22:44, Rainer Hoerbe wrote:
> I copied my key to an OpenPGP card and was able to create signatures
> and authentication via SSH using the card. Now moving to the Mac I
> am stuck with pinentry-mac, because it keeps asking me for another
> card.

I think GnuPG hasn't deleted your secret key stubs which still point to
the old smartcard with the different serial number. Unless I'm very much
mistaken, this is a shortcoming of GnuPG 2.1 currently.

The agent identifies keys by their so-called keygrip. You can see the
keygrips for your private key with:

$ gpg2 --with-keygrip -K 64C2F99E904F1906

These keygrips correspond to files in ~/.gnupg/private-keys-v1.d/. Just
bluntly remove these files, but be careful to only delete files
belonging to smartcard stubs! Double check each keygrip before deleting
them. In fact, make a backup of the directory first :-).

> gpg --delete-secret-keys 0x64C2F99E904F1906
> gpg2 --card-status
> gpg2 --clearsign /etc/hosts

Did you mean to write "gpg" there rather than "gpg2"?

You didn't indicate which version of GnuPG you're using, but your
problem sounds like a 2.1 problem to me. If you are using GnuPG 2.1, you
shouldn't mix it with GnuPG 1.4, that road leads to pain. They don't
share their private key storage, and might or might not share public key
storage depending on which version created the public key storage on the
very first invocation.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
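
One way to do the double check described in the reply above before deleting anything from ~/.gnupg/private-keys-v1.d, as an added example (not code from the thread or from GnuPG): it reads each key file and reports whether it is a smartcard stub and which card serial it points to. It assumes the GnuPG 2.1 on-disk form, a canonical S-expression whose stub entry is `(shadowed t1-v1 (<serial> <id string>))`; the function names and the sample stub are constructed for illustration.

```python
import sys
from pathlib import Path

# Constructed stub (not a real key): dummy n/e values, and the card serial
# that pinentry asked for in the thread.
SAMPLE_STUB = (b"(20:shadowed-private-key(3:rsa(1:n3:\x00\xc1\x02)(1:e3:\x01\x00\x01)"
               b"(8:shadowed5:t1-v1(12:" + bytes.fromhex("D27600012401020603037410")
               + b"9:OPENPGP.1))))")

def parse_sexp(buf, pos=0):
    """Parse one canonical S-expression: '(' items ')' with <len>:<bytes> atoms."""
    if buf[pos:pos + 1] != b"(":
        raise ValueError("not a canonical S-expression")
    pos, items = pos + 1, []
    while buf[pos:pos + 1] != b")":
        if buf[pos:pos + 1] == b"(":
            item, pos = parse_sexp(buf, pos)
        else:
            colon = buf.index(b":", pos)  # raises ValueError on truncated input
            end = colon + 1 + int(buf[pos:colon])
            item, pos = buf[colon + 1:end], end
        items.append(item)
    return items, pos + 1

def stub_info(buf):
    """Return (card serial hex, key slot) for a smartcard stub, else None."""
    top, _ = parse_sexp(buf)
    if top[:1] != [b"shadowed-private-key"]:
        return None
    for algo in (x for x in top[1:] if isinstance(x, list)):
        for part in algo:
            # Assumed layout: (shadowed t1-v1 (<serial bytes> <id string>))
            if isinstance(part, list) and part[:2] == [b"shadowed", b"t1-v1"]:
                serial, slot = part[2][:2]
                return serial.hex().upper(), slot.decode()

def scan(keydir):
    """Map keygrip -> stub_info(); None means 'not proven a stub, keep it'."""
    result = {}
    for path in sorted(Path(keydir).glob("*.key")):
        try:
            result[path.stem] = stub_info(path.read_bytes())
        except (ValueError, IndexError, TypeError, AttributeError):
            result[path.stem] = None
    return result

if __name__ == "__main__":
    keydir = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".gnupg/private-keys-v1.d"
    for grip, info in scan(keydir).items():
        print(grip, "stub for card %s (%s)" % info if info else "KEEP: not a card stub")
```

The script only reads files. Anything it reports as KEEP, including files it cannot parse, is not confirmed to be a stub and should be left in place.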


Mac Pinentry problem

2017-03-17 Thread Rainer Hoerbe
I copied my key to an OpenPGP card and was able to create signatures and 
authentication via SSH using the card. Now moving to the Mac I am stuck with 
pinentry-mac, because it keeps asking me for another card.

gpg --delete-secret-keys 0x64C2F99E904F1906
gpg2 --card-status
gpg2 --clearsign /etc/hosts

pinentry-mac brings up a dialogue box, asking to insert the card with the 
serial number D27600012401020603037410. The Application ID (is this the 
serial number?) does not match. 

gpg2 --card-status
Reader ...: Gemalto PC Twin Reader
Application ID ...: D27600012401020100054EBD
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 4EBD
Name of cardholder: Rainer Hoerbe
Language prefs ...: de
Sex ..: male
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 2
Signature key : 7D23 36BF A95F F788 4C80  B7DA 64C2 F99E 904F 1906
  created : 2017-01-30 14:47:18
Encryption key: [none]
Authentication key: [none]
General key info..: pub  rsa2048/0x64C2F99E904F1906 2017-01-30 Rainer Hoerbe 
(Identinetics GmbH) 
sec>  rsa2048/0x64C2F99E904F1906  created: 2017-01-30  expires: 2027-01-28
  card-no: 0006 03037410


What could be the problem?

Thanks,
Rainer