Trezor - Could this be the model for a PGP crypto device?

2015-03-06 Thread Felix E. Klee
Yesterday in Las Palmas de Gran Canaria, I attended a [talk][1] by Marek Palatinus, one of the relatively early Bitcoin miners and cofounder of [SatoshiLabs][2]. He gave an introduction to his path into Bitcoin, and things that went wrong, and then he presented the [Trezor][3] crypto device. The T

Re: Trezor - Could this be the model for a PGP crypto device?

2015-03-07 Thread Felix E. Klee
On Sat, Mar 7, 2015 at 12:44 AM, NIIBE Yutaka wrote: > Well, I don't believe the device with good UI, in general. It’s not about the UI being pretty. What I like about Trezor is that it’s small yet has basically an external PIN pad, and every transaction has to be confirmed by the push of a butto

Generating 4096 bit key fails – why?

2015-10-27 Thread Felix E. Klee
As already mentioned in the October 2015 thread “Bad secret key” on , I cannot generate a 4096 bit on my [OpenPGP card][1]. What could be the issue? Details: $ uname -a Linux felix-arch 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST 2015 x86_64 GNU/Linux $ gpg --version g

Re: Generating 4096 bit key fails – why?

2015-10-30 Thread Felix E. Klee
On Tue, Oct 27, 2015 at 9:09 PM, Werner Koch wrote: > Please add > > --8<---cut here---start->8--- > debug 1024 > debug 2048 > log-file /this/is/my/scdaemon.log > --8<---cut here---end--->8--- > > to scdaemon.conf, kill

Re: Generating 4096 bit key fails – why?

2015-11-02 Thread Felix E. Klee
On Mon, Nov 2, 2015 at 3:04 AM, NIIBE Yutaka wrote: > It failed when gpg frontend tried to change the key attribute for > RSA-4096. > >> […] > > Do you happen to have (and run) old scdaemon of 2.0? Unfortunately that doesn’t seem to be the explanation. After starting `gpg --card-edit`, I checke

Re: Generating 4096 bit key fails – why?

2015-11-17 Thread Felix E. Klee
On Wed, Nov 4, 2015 at 3:09 AM, NIIBE Yutaka wrote: > Here is a fix. It will be in the next release. > > http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c5a9fedba66361ddd9f596528882750068543298 Thanks! Any idea when the next release is scheduled to be available? I tried installi

Re: Generating 4096 bit key fails – why?

2015-11-29 Thread Felix E. Klee
On Tue, Nov 17, 2015 at 6:01 PM, Werner Koch wrote: > We now plan for some time in the next week. Seems like that didn't happen. I'm without a working crypto card since August. :-( ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.o

Re: Generating 4096 bit key fails – why?

2016-01-12 Thread Felix E. Klee
After the second attempt with GnuPG 2.1.10, I got all three 4096 bit keys generated on card, which took a while: > admin […] > generate […] gpg: key 28C1B3D1 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 m

How to export ASCII armored secret key without passphrase?

2016-01-20 Thread Felix E. Klee
There’s a known issue: Is there any workaround? For example, could I export an ASCII armored key with a passphrase, then decrypt the exported key? Command that failed without passphrase (the key doesn't have one): $ gpg --armor --export-secret-keys >k

Re: How to export ASCII armored secret key without passphrase?

2016-01-21 Thread Felix E. Klee
On Wed, Jan 20, 2016 at 6:13 PM, Peter Lebbing wrote: > $ gpg2 --export-secret-keys | gpg --import Thanks! On my system, Arch, that’s: $ gpg --export-secret-keys | gpg1 --import

gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I want to install the key to a second card, but that failed: # gpg --edit-key $KEY [...] gpg> toggle [...] gpg> keytocard Really move the primary key? (y/N) y [...] Please select where to store the ke

Re: gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
On Tue, Jul 26, 2016 at 1:22 PM, Andrew Gallagher wrote: > What does it say when you run "gpg --list-secret-keys" on your local > machine now? *Without* the smart card reader connected, it says: # gpg --list-secret-keys /ramdisk/pubring.kbx sec> rsa4096 2016-

Re: gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
On Tue, Jul 26, 2016 at 1:22 PM, Andrew Gallagher wrote: > If you want to keep a backup copy on local disk, you need to quit > *without saving* immediately after running 'keytocard'. Hitting to quit did the trick. Now I could copy the key – a new one – to two cards. Thanks for the suggestion! B

Crypto device where I need to confirm every operation?

2015-01-22 Thread Felix E. Klee
I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card. However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN

Re: Talking about Cryptodevices... which one?

2015-01-23 Thread Felix E. Klee
On Fri, Jan 23, 2015 at 3:25 AM, Faramir wrote: > Any advice? I bought an OpenPGP smart card at [cryptoshop][1]. Whether they ship to Chile, I don’t know. The cards are actually distributed by [kernel concepts][2]. I called them, and they told me: * Currently they don’t have cards in stock.

Re: Crypto device where I need to confirm every operation?

2015-01-23 Thread Felix E. Klee
On Thu, Jan 22, 2015 at 6:34 PM, Johannes Zarl wrote: > On my setup, the smartcard seems to only allow one sign operation per > pin-entry. Right, for signing I am always asked for the PIN. I didn't check that before posting.

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Sat, Jan 24, 2015 at 4:05 AM, NIIBE Yutaka wrote: > gnuk (running on the FST-01) How does that store the private key? Password encrypted? A smart card stores the key unencrypted, right?

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 5:19 PM, Andreas Schwier wrote: > The platform we use for the SmartCard-HSM generates a random AES key > during platform initialization and encrypts all key material in EEPROM > under this key. The only time the key is handled in plain (plain > meaning within the protected

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 6:14 PM, Andreas Schwier wrote: > The encryption on the card is unrelated to the PIN. So the private key is encrypted with an AES key that is also stored on the card? Then why encrypt the private key at all? Against what attack does encryption of the private key on the car

Re: Talking about Cryptodevices... which one?

2015-01-28 Thread Felix E. Klee
On Wed, Jan 28, 2015 at 1:46 AM, NIIBE Yutaka wrote: > From the viewpoint of getting unencrypted private key, it's like: > > On flash ROM: Private key encrypted --\ > \ > On flash ROM: DEK encrypted --\ [AES]--> Private key >

gpg: [don't know]: 1st length byte missing

2017-10-21 Thread Felix E. Klee
See the attached file. When I try to decrypt it using `gpg -d`, I get: gpg: [don't know]: 1st length byte missing `gpg --version` (on Windows): gpg (GnuPG) 2.2.1 libgcrypt 1.8.1 Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later

Re: gpg: [don't know]: 1st length byte missing

2017-10-21 Thread Felix E. Klee
On Sun, Oct 22, 2017 at 12:06 PM, wrote: > please list the encrypted text as part of the inline message. Thanks for pointing that out. Here you go: -BEGIN PGP ARMORED FILE- Comment: Use "gpg --dearmor" for unpacking hQIMAwT9940Wed2UAQ//X3XcOwKvauUCfRI0tqWBrf4CUs/HnzJgaLgL3snxCd0T cYr78

Re: gpg: [don't know]: 1st length byte missing

2017-10-22 Thread Felix E. Klee
Thanks, Werner! No backup, and I think there is no way to recover the password, which - in this case - is very unfortunate. :( I wonder how this happened. The drive is a Samsung EVO SSD with NTFS.

Cannot decrypt file encrypted with enQsig

2018-07-27 Thread Felix E. Klee
validity: ultimate ssb rsa4096/04FDF78D1679DD94 created: 2016-12-17 expires: 2018-12-17 usage: E card-no: 0005 4980 [ultimate] (1). Felix E. Klee The sender then prepared the encrypted file using a software called enQsig: “wir verwenden eine zentrale Gateway

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
. Trying to guess what you mean .. . pub rsa4096/BEF6EFD38FE8DCA0 2016-12-17 [SC] [expires: 2018-12-17] 5EF8B6017F668171259945D6BEF6EFD38FE8DCA0 uid Felix E. Klee sub rsa4096/04FDF78D1679DD94 2016-12-17 [E] [expires: 2018-12-17] > Could you prov

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
For comparison, a file that I encrypted for myself and that I can decrypt successfully: >gpg --list-packets foo.gpg gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " # off=0 ctb=85 tag=

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
its] gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE gpg: encrypted with RSA key, ID 92663E7CA68E4EC6 gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Invalid value gpg: e

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
On Mon, Jul 30, 2018 at 12:40 PM, Felix E. Klee wrote: > “Invalid value” Same on Linux BTW (with the Cherry ST-2000).

Re: Cannot decrypt file encrypted with enQsig

2018-08-02 Thread Felix E. Klee
4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Missing item in object gpg: decryption failed: No secret key $ gpg --list-packets new.gpg gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE

Re: Cannot decrypt file encrypted with enQsig

2018-08-03 Thread Felix E. Klee
On Thu, Aug 2, 2018 at 2:14 PM, Peter Lebbing wrote: > So I think it's a safe bet they also screwed up the PKESK packet for > your subkey, and the error is indeed related to it not representing a > valid session key. As I would like to understand things a bit better, do you think it is possible t

Re: Cannot decrypt file encrypted with enQsig

2018-08-15 Thread Felix E. Klee
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Missing item in object gpg: decryption failed: No secret key gpg: secmem usage: 0/32768 bytes in 0 blocks $ gpg --v

Re: Cannot decrypt file encrypted with enQsig

2018-08-15 Thread Felix E. Klee
On Wed, Aug 15, 2018 at 12:13 PM, Peter Lebbing wrote: > Here's the catch: unless you have an on-disk copy of your private > encryption key, you can't. [if enQsig uses 3DES] I do have a backup of the private key, but it’s 1. out of reach at the moment and 2. it’s a pain to restore. So far, I’m st

Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
I managed to get `gpg-agent` to run with USB smart card support under Android/Termux: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19 What bugs me is that I had to compile in maintainer mode: Now I get warnings that the software should not be used with production keys. Maintain

Re: Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
On Wed, Aug 22, 2018 at 1:08 PM, Dirk Gottschalk wrote: > There's nothing what should "bug" you. Well if I call `g10/gpg` in the build, I get a big fat warning: gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a produ

Re: Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
On 8/22/18, Dirk Gottschalk wrote: > This depends on the source of your source version. If it is from a > release tarball, this shouldn't bother you. > > I only get this warning if I have compiled from the GIT repository. Uh oh, I didn’t check out a release! Changed the [build instructions][1] no

Communication with card reader encrypted?

2018-08-25 Thread Felix E. Klee
When I decrypt a file using an OpenPGP card, is the communication between a USB card reader and the GnuPG daemon encrypted? Or: Is the decrypted session key sent unencrypted through the cable?

Re: Communication with card reader encrypted?

2018-08-26 Thread Felix E. Klee
On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk wrote: > This is a really interesting question. But, does this really matter > got an USB device? If there is a program on your computer, which > intercepts the communication, the security of your system is already > broken. I am more thinking about

Re: Communication with card reader encrypted?

2018-08-26 Thread Felix E. Klee
On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing wrote: > The OpenPGP smartcard and generic smartcard protocols do define > "Secure Messaging", but I don't think this is commonly used for cabled > OpenPGP smartcards. Would be interesting to find out. > I think you'll need to trust the cable anywa

Re: Communication with card reader encrypted?

2018-08-27 Thread Felix E. Klee
Thanks for clarification! On Mon, Aug 27, 2018 at 11:51 AM, Werner Koch wrote: > The connection between the card reader and the host is not encrypted > because that would require a key setup first and that would also be > subject to key logging. The host could provide a public encryption key to

Re: Cannot decrypt file encrypted with enQsig

2018-09-17 Thread Felix E. Klee
DE5C6E97DA42AE8, created 2018-09-06 "Felix E. Klee " gpg: 3DES encrypted data gpg: Note: sender requested "for-your-eyes-only" So yes, 3DES! Fortunately, as can be seen above, with the custom key I was able to

0.332

2019-02-10 Thread Felix E. Klee
FYI: https://github.com/feklee/0.332 This is a mod of the SCM SPR332 v2 smart card reader, making it smaller and lighter. For quite a while I have regularly been using it with my phone: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19

Re: 0.332

2019-02-11 Thread Felix E. Klee
On Mon, Feb 11, 2019 at 12:17 PM Gerd v. Egidy wrote: > How does it compare size-wise to the cyberJack one from Reiner SCT? * cyberJack RFID standard: 62 x 95 x 13 mm * 0.332 enclosure: 69 × 111 × 13 mm It could be fun to replace the pin pad by a smaller one and create a custom bo

Decrypting fails unless card status

2020-12-14 Thread Felix E. Klee
-01 00:00:00 gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Invalid ID gpg: decryption failed: No secret key Note that I have to run with faked system time since I cannot extend th

Re: Decrypting fails unless card status

2020-12-15 Thread Felix E. Klee
On Tue, 15 Dec 2020 at 19:45, MFPA <2017-r3sgs86x8e-lists-gro...@riseup.net> wrote: > Is that a consequence of using a card? No. I do have an accessible private key, but it’s more than 9,000 km away, and traveling is not so easy these days.

Limit access to unlocked OpenPGP SmartCard?

2022-01-27 Thread Felix E. Klee
After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can use it to decrypt as many files as I want. While this is convenient, it is not great if the system is compromised and I forget to unplug the card reader. Is there any way to limit how long the OpenPGP SmartCard remains unlocked

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-27 Thread Felix E. Klee
On Thu, 27 Jan 2022 at 14:54, Matthias Apitz wrote: > gpgconf --reload scdaemon Gotta try that, maybe execute it with a timer, better than nothing. Best would be if the card itself could be configured to only do a certain number of operations after being unlocked. I think everything else is pret

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-28 Thread Felix E. Klee
Jacob Bachmeyer via Gnupg-users writes: >> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], […] > > Does your smartcard reader have its own keypad for entering the PIN? yes

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-28 Thread Felix E. Klee
Well, I think I could extend my SPR332 [mod][1]: * Add a push-button that one has to press to close the C7 circuit for I/O. Without that button pressed, the smart card cannot communicate with the reader. That means, for every operation, one would need to hold that button, kind of –

YubiKey 5C NFC not detected

2022-01-29 Thread Felix E. Klee
I would like to set up a YubiKey 5C NFC for SSH, but it doesn’t get detected by GnuPG: $ ykman config usb -l OTP FIDO U2F FIDO2 OATH PIV OpenPGP YubiHSM Auth $ cat .gnupg/scdaemon.conf reader-port Yubico Yubi $ gpgconf --kill gpg-agent $ ps x | grep

Re: YubiKey 5C NFC not detected

2022-01-30 Thread Felix E. Klee
Ingo Klöcker writes: > Are you sure "Yubico Yubi" is the correct value for the reader-port > option? It’s what is suggested in the official [Troubleshooting Issues with GPG][1]. They also suggest: Yubico Yubikey That doesn’t work either. As I realized before, their guides are not up to da

Re: YubiKey 5C NFC not detected

2022-01-30 Thread Felix E. Klee
Ingo Klöcker writes: > $ echo scd getinfo reader_list | gpg-connect-agent --decode $ ykman config usb -l OTP FIDO U2F FIDO2 OATH PIV OpenPGP YubiHSM Auth $ gpgconf --kill gpg-agent $ echo scd getinfo reader_list | gpg-connect-agent --decode OK :( > I

Re: YubiKey 5C NFC not detected

2022-01-31 Thread Felix E. Klee
Werner Koch via Gnupg-users writes: > scdaemon does not see any reader. That might simply due to another > process which uses the reader (the yubikey tools). None the wiser: $ cat ~/.gnupg/scdaemon.conf debug cardio verbose log-file /tmp/scd.log pcsc-shared $ gpgconf --k

YubiKey/OpenPGP card connection issues for non-root user

2023-08-03 Thread Felix E. Klee
Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux system (running in VMware under Windows), it sometimes takes minutes to be able to use. I.e. it can take forever until I get a successful response from: gpg --card-status OTOH I can immediately get a response when I run the

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-04 Thread Felix E. Klee
7BF BB40 70FC 6351 189E 79FE 04FD F78D 1679 DD94 created : 2016-12-17 10:49:18 Authentication key: [none] General key info..: pub rsa4096/BEF6EFD38FE8DCA0 2016-12-17 Felix E. Klee sec> rsa4096/BEF6EFD38FE8DCA0 created: 2016-12-17 expires:

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-08 Thread Felix E. Klee
On Mon, Aug 7, 2023 at 9:00 AM NIIBE Yutaka wrote: > Please note that there may be two methods to access the device in > scdaemon: > > * in-stock CCID driver of scdaemon > * the PC/SC service > > Your output shows that you are connecting the smartcard reader through > the PC/SC service. Inter

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-08 Thread Felix E. Klee
On Mon, Aug 7, 2023 at 3:30 PM Werner Koch wrote: > > I also tried killing root’s gpg-agent, to avoid conflicts with that > > of the user, but that didn’t help either. > > Right a second scdaemon might have grabbed the device. If you don't > need it as root put into root's gpg-agent.conf "disable-

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-09 Thread Felix E. Klee
The issue persists. Sometimes the readers (just now the YubiKey) are not visible to the user. But they are always to root k. I then disabled the PC/SC daemon: [felix@felix-arch ~]$ sudo systemctl disable pcscd Removed "/etc/systemd/system/sockets.target.wants/pcscd.socket". [felix@feli

Finding all files encrypted with a certain key

2023-10-23 Thread Felix E. Klee
For the purpose of re-encryption with a new key, I’d like to find all files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted files, independent of key, have the extension `.gpg`. How do I do that for a massive directory tree?

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Tue, Oct 24, 2023 at 5:21 PM Werner Koch wrote: > encrypted-to-me-p.sh > --8<---cut here---start->8--- > #!/bin/sh > gpg -d --status-fd 1 -o /dev/null 2>/dev/null "$1" | awk ' > $1=="[GNUPG:]" && $2=="ENC_TO" && $3=="BEF6EFD38FE8DCA0" {print $1; exit 0}' > --

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Wed, Oct 25, 2023 at 10:08 AM raf via Gnupg-users wrote: > > How do I do that for a massive directory tree? > > With my rawhide (rh) program (github.com/raforg/rawhide) you can do it > with something like this: > > rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what' Very interestin

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Tue, Oct 24, 2023 at 5:12 PM Andrew Gallagher wrote: > GNU `file` will print the encryption key ID: Interesting. I wonder if there is any disadvantage of using `file` over Werner’s proposal.

Re: Finding all files encrypted with a certain key

2023-10-25 Thread Felix E. Klee
On Wed, Oct 25, 2023 at 9:23 PM Werner Koch wrote: > > gpg: decryption failed: No secret key > > > > I wonder how to get rid of that. > > grep -v on stderr ;-). Thanks, I was thinking about that. But I think simply using find, as suggested by Andrew and raf, is sufficient and simple. > I thi

Cannot export SSH public key

2023-11-20 Thread Felix E. Klee
iry (never) However, I cannot export it for SSH: $ gpg --list-keys --keyid-format SHORT yubi...@f76.eu pub rsa4096/1B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee
29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29 [E] sub rsa4096/877CC64B 2023-11-22 [A] Should I better use the authentication key exported by GPG for SSH? But how to make tha

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee
orrect? Does it match what > you see with > > ssh-add -L Output: $ gpg -k --with-keygrip yubi...@f76.eu pub rsa4096 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 uid [ultimate] Felix

Re: Cannot export SSH public key

2023-11-24 Thread Felix E. Klee
On Thu, Nov 23, 2023 at 2:19 PM Stephan Verbücheln via Gnupg-users wrote: > Host gitlab.com > HostName gitlab.com > User git > IdentityAgent ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh Thanks, that works. Even the variable is expanded. In addition, I need: gpg-connect-agent updates

Re: Cannot export SSH public key

2023-11-27 Thread Felix E. Klee
On Thu, Nov 23, 2023 at 10:17 AM Felix E. Klee wrote: > Can you explain why the output of `ssh-add -L` did not change? Also > why is it not the same as the output from `gpg --export-ssh-key > yubi...@f76.eu`? OK, I may have found the issue: $ grep -rl Use-for-ssh ~/.gnupg/private-

Re: Cannot export SSH public key

2023-11-28 Thread Felix E. Klee
never $ gpg --list-keys --keyid-format LONG --with-keygrip yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 uid [ultimate] Felix E. Klee (YubiKey)

Re: Cannot export SSH public key

2023-12-27 Thread Felix E. Klee
$ gpg --list-keys --keyid-format LONG yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/7CC02D68D2E31736 2023-06-29 [E] sub rsa4096/32B106F6877CC64B 2

gpg --card-status

2023-12-30 Thread Felix E. Klee
21 created : 2023-06-29 03:50:43 22 Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589 23 created : 2023-06-29 03:50:43 24 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) 25 sec> rsa4

Re: Cannot export SSH public key

2023-12-30 Thread Felix E. Klee
1736 created : 2023-06-29 03:50:43 Authentication key: 9DFF AD98 566A 604F 7290 7C24 32B1 06F6 877C C64B created : 2023-11-22 15:14:14 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) sec> rsa4096/1BE349D11B6ED

Re: gpg --card-status

2024-01-02 Thread Felix E. Klee
On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee wrote: > Example output with line numbers: > > 01 Reader ...: Yubico YubiKey CCID 00 00 > 02 Application ID ...: D276000124010304000618698015 > 03 Application type .: OpenPGP > 04 Version ..

Re: Cannot export SSH public key

2024-01-05 Thread Felix E. Klee
On Fri, Nov 24, 2023 at 9:09 AM Felix E. Klee wrote: > In addition, I need: > > gpg-connect-agent updatestartuptty /bye or otherwise, I get no PIN entry dialog / prompt

Re: Cannot export SSH public key

2024-01-05 Thread Felix E. Klee
On Fri, Jan 5, 2024 at 2:43 PM Werner Koch wrote: > That is right. The ssh-agent protocol has no means to tell the > ssh-agent or gpg-agent some important environment variables, like the > current tty or DISPLAY. Interesting, thanks for the look behind the scenes! > I am so used to run the upd

ACS APG8201-B2

2024-07-20 Thread Felix E. Klee
I got a nice little portable card reader with pinpad, the ACS [APG8201-B2][1]. `gpg --card-status` works fine with my OpenPGP card. The problem is that when I try to decrypt a file, then GnuPG asks for the PIN using `/usr/bin/pinentry-gtk-2`. *How do I make GnuPG ask for the PIN via the pinpad?*

Re: ACS APG8201-B2

2024-07-21 Thread Felix E. Klee
Is there anything I can try, or is the pinpad on the ACS APG8201-B2 simply not supported?

Re: ACS APG8201-B2

2024-07-24 Thread Felix E. Klee
Thank you, Werner! I attached the log. When grepping for “pin”, I find (prefix stripped): DBG: ccid-driver: bPINSupport 3 verification modification PIN-Block-2 : no DBG: asking for PIN '||Please unlock the card%0A%0A\x1eNumber\x1f: 0005 64D5%0AHolder\x1f: Felix Klee' PIN ca

Re: ACS APG8201-B2

2024-07-29 Thread Felix E. Klee
No idea what to do. Guess I’ll fix my modded SPR332 and continue using that.

Re: ACS APG8201-B2

2024-07-31 Thread Felix E. Klee
On Tue, Jul 30, 2024 at 12:51 PM Niibe Yutaka wrote: > Basically, it's case-by-case thingy when we add new (proprietary) > hardware support around smartcard + card reader. While we have > standardized CCID protocol, actually, it depends on each card reader > plus smartcard combination. Documentat

PGP and Smartcards?

2005-07-21 Thread Felix E. Klee
tandardized interface (PKCS#11) and whose license (LGPL) is compliant with the license of the GnuPG. * If not GnuPG, what free software alternatives are there for doing PGP signing and decryption with a smart card? -- Felix E. Klee

Re: PGP and Smartcards?

2005-07-22 Thread Felix E. Klee
he card. They could safely be done on the host computer. [1] http://www.market.axalto.com/ [2] https://it-secure.dynalias.com/ [3] http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025736.html -- Felix E. Klee

Re: PGP and Smartcards?

2005-07-22 Thread Felix E. Klee
well be the weakest link if the master key is stored away in a safe place and if it is only used once in a while on reasonably tamper proof systems not connected to a network. [1] https://sourceforge.net/projects/opencryptoki/ -- Felix E. Klee

Re: PGP and Smartcards?

2005-07-22 Thread Felix E. Klee
At Fri, 22 Jul 2005 22:42:20 +0200, Zeljko Vrba wrote: > Felix, if you wish to finish the applet yourself, I can help you a bit > with the existing code, if you need help. Right at the moment, I also have time problems ;-). But I may be interested to do that in the near future. -- F

Re: PGP and Smartcards?

2005-07-24 Thread Felix E. Klee
ough, I say that combining incompatible licenses is a no-no, I would appreciate it if GPG would incorporate an interface to PKCS#11 since both issues are essentially unrelated. [1] http://www.rsasecurity.com/rsalabs/node.asp?id=2007 -- Felix E. Klee

Re: Changing the email address on an existing key...how? Should I?

2005-07-25 Thread Felix E. Klee
ry old already, chances are that its private part may have been stolen at some point during its life time, unless you have handled it very carefully. If you're worried about this, you may want to create a new key. -- Felix E. Klee

Pinpad on SPR532 isn't used

2005-08-24 Thread Felix E. Klee
key info..: [none] Command> passwd gpg: OpenPGP card no. D276000124010101000105B6 detected PIN Enter PIN: [Here I have to enter my PIN via my computer's keyboard] The version of the reader's firmware is 5.05 IIRC. What may be the reason for the problem? -

Re: Pinpad on SPR532 isn't used

2005-08-25 Thread Felix E. Klee
d computer. Only USB has been tested. Anyway, does this lack of pinpad support apply to *any* driver or only to the internal CCID one? -- Felix E. Klee

gpg: OpenPGP card not available: Assuan server fault

2006-02-12 Thread Felix E. Klee
libgpg-error 1.1 libgcrypt 1.2.2 libassuan 0.6.10 libksba 0.9.13 pth 2.0.6 -- Felix E. Klee

Re: gpg: OpenPGP card not available: Assuan server fault

2006-03-07 Thread Felix E. Klee
nPGP. This is > stated at several places. But I don't want to do OpenPGP: I want to do SSH with the OpenPGP card. I roughly followed the howto behind the following URL: http://cyphertext.de/ssh-openpgpcard-howto.txt This howto mentions the

OpenPGP card: What RSA problems? Why not for key signing?

2006-04-05 Thread Felix E. Klee
ally matter? PS: Of course, I will use a subkey with limited lifetime for everyday use, and I'll store this key on a third card. -- Felix E. Klee

Re: OpenPGP card: What RSA problems? Why not for key signing?

2006-04-06 Thread Felix E. Klee
with not too expensive equipment and in a rather short time, say a couple of days. [2] I plan to use the key in the context of financial transactions, though. -- Felix E. Klee

Info on sub keys?

2006-06-03 Thread Felix E. Klee
that there was/is some problem with key servers and sub keys. If there is any good documentation on sub keys, aside from technical specifications (such as RFC 2440), then please let me know. -- Felix E. Klee

Re: Info on sub keys?

2006-06-03 Thread Felix E. Klee
on? I.e. does "foo Y/X", in general, refer to an "X" bit master key of type "foo" with an "Y" bit sub key for encryption? [1] http://www.mccune.cc/PGPpage2.htm -- Felix E. Klee

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee via Gnupg-users
29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29 [E] sub rsa4096/877CC64B 2023-11-22 [A] Should I better use the authentication key exported by GPG for SSH? But how to make tha

Re: Cannot export SSH public key

2023-12-27 Thread Felix E. Klee via Gnupg-users
--list-keys --keyid-format LONG yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/7CC02D68D2E31736 2023-06-29 [E] sub rsa4096/32B106F6877CC64B 2023-11

Re: Cannot export SSH public key

2023-12-31 Thread Felix E. Klee via Gnupg-users
1736 created : 2023-06-29 03:50:43 Authentication key: 9DFF AD98 566A 604F 7290 7C24 32B1 06F6 877C C64B created : 2023-11-22 15:14:14 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) sec> rsa4096/1BE349D11B6ED