Package: gnupg-agent
Version: 2.1.18-3
Severity: normal

Hi,

Since a recent upgrade, gnupg-agent no longer finds the authentication
(SSH) key on my OpenPGP smartcard:

wouter@gangtai:~$ gpg --card-status
Reader ...........: ACS ACR38U 00 00
Application ID ...: D2760001240102010005000047360000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00004736
Name of cardholder: Wouter Verhelst
Language prefs ...: nl
Sex ..............: male
URL of public key : http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x9B69FDF3F0DA0948066129F72DFC519954181296
Login data .......: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 116
Signature key ....: 9B69 FDF3 F0DA 0948 0661 29F7 2DFC 5199 5418 1296
      created ....: 2016-04-11 11:46:27
Encryption key....: B057 2256 DD3D 8275 A1F2 3015 EBC4 535B 0557 DB14
      created ....: 2016-04-11 11:46:27
Authentication key: B7D1 52E7 6233 6135 DBEF 6435 965E 159D 1F28 844B
      created ....: 2016-04-11 11:46:27
General key info..: pub rsa4096/2DFC519954181296 2016-04-11 Wouter Verhelst <w...@uter.be>
sec> rsa4096/2DFC519954181296 created: 2016-04-11 expires: never
                              card-no: 0005 00004736
ssb> rsa4096/965E159D1F28844B created: 2016-04-11 expires: never
                              card-no: 0005 00004736
ssb> rsa4096/EBC4535B0557DB14 created: 2016-04-11 expires: never
                              card-no: 0005 00004736
wouter@gangtai:~$ echo "foo bar" | gpg -r 54181296 -e | gpg
gpg: please do a --check-trustdb
gpg: 54181296: skipped: public key already present
gpg: encrypted with 4096-bit RSA key, ID EBC4535B0557DB14, created 2016-04-11
      "Wouter Verhelst <w...@uter.be>"
foo bar
wouter@gangtai:~$ echo $SSH_AUTH_SOCK
/run/user/1000/gnupg/S.gpg-agent.ssh
wouter@gangtai:~$ ssh-add -l
The agent has no identities.

The interesting part of the above is that the last command (the
"ssh-add -l" bit) actually reads from the card (I can see the cardreader
LED flash). It just doesn't find anything.

Note: I removed the "90gpg-agent" file from Xsession.d, since it messes
up some other SSH key setup that I have, very much in the same way that
gnome-keyring messes up gpg-agent. With the previous version of
gpg-agent, it was enough to just run "gpg --card-status" to start the
agent and make the ssh key stuff work.

Having to fight with all of that is pretty ironic, given that ssh-agent
actually supports external modules through PKCS#11. Ah well.

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, m68k, arm64

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii libassuan0 2.4.3-2
ii libc6 2.24-9
ii libgcrypt20 1.7.6-1
ii libgpg-error0 1.26-2
ii libnpth0 1.3-1
ii libreadline7 7.0-2
ii pinentry-curses [pinentry] 1.0.0-1
ii pinentry-gnome3 [pinentry] 1.0.0-1

Versions of packages gnupg-agent recommends:
ii gnupg 2.1.18-3

Versions of packages gnupg-agent suggests:
ii dbus-user-session 1.10.14-1
ii libpam-systemd 232-15
ii pinentry-gnome3 1.0.0-1
ii scdaemon 2.1.18-3

-- Configuration Files:
/etc/X11/Xsession.d/90gpg-agent changed:

-- no debconf information