Control: reassign 854005 scdaemon Hi Wouter--
On Thu 2017-02-02 17:54:26 -0500, Wouter Verhelst wrote: > Since a recent upgrade, gnupg-agent no longer finds the authentication > (SSH) key on my OpenPGP smartcard: > > wouter@gangtai:~$ gpg --card-status > > Reader ...........: ACS ACR38U 00 00 > Application ID ...: D2760001240102010005000047360000 > Version ..........: 2.1 > Manufacturer .....: ZeitControl > Serial number ....: 00004736 > Name of cardholder: Wouter Verhelst > Language prefs ...: nl > Sex ..............: male > URL of public key : > http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x9B69FDF3F0DA0948066129F72DFC519954181296 > Login data .......: [not set] > Signature PIN ....: forced > Max. PIN lengths .: 32 32 32 > PIN retry counter : 3 0 3 > Signature counter : 116 > Signature key ....: 9B69 FDF3 F0DA 0948 0661 29F7 2DFC 5199 5418 1296 > created ....: 2016-04-11 11:46:27 > Encryption key....: B057 2256 DD3D 8275 A1F2 3015 EBC4 535B 0557 DB14 > created ....: 2016-04-11 11:46:27 > Authentication key: B7D1 52E7 6233 6135 DBEF 6435 965E 159D 1F28 844B > created ....: 2016-04-11 11:46:27 > General key info..: pub rsa4096/2DFC519954181296 2016-04-11 Wouter > Verhelst <w...@uter.be> > sec> rsa4096/2DFC519954181296 created: 2016-04-11 expires: never > card-no: 0005 00004736 > ssb> rsa4096/965E159D1F28844B created: 2016-04-11 expires: never > card-no: 0005 00004736 > ssb> rsa4096/EBC4535B0557DB14 created: 2016-04-11 expires: never > card-no: 0005 00004736 > wouter@gangtai:~$ echo "foo bar" | gpg -r 54181296 -e | gpg > gpg: please do a --check-trustdb > gpg: 54181296: skipped: public key already present > gpg: encrypted with 4096-bit RSA key, ID EBC4535B0557DB14, created > 2016-04-11 > "Wouter Verhelst <w...@uter.be>" > foo bar > wouter@gangtai:~$ echo $SSH_AUTH_SOCK > /run/user/1000/gnupg/S.gpg-agent.ssh > wouter@gangtai:~$ ssh-add -l > The agent has no identities. > > The interesting part of the above is that the last command (the "ssh-add > -l" bit) actually reads from the card (I can see the cardreader LED > flash). It just doesn't find anything. > > Note: I removed the "90gpg-agent" file from Xsession.d, since it messes > up some other SSH key setup that I have, very much in the same way that > gnome-keyring messes up gpg-agent. With the previous version of > gpg-agent, it was enough to just run "gpg --card-status" to start the > agent and make the ssh key stuff work. > > Having to fight with all of that is pretty ironic, given that ssh-agent > actually supports external modules through PKCS#11. Ah well. i don't have such a device to test with, so i'm not sure how to debug this with you, but it sounds like it may be an issue with scdaemon itself, so i'm reassigning it there and cc'ing gniibe in the hopes that he can provide some insight. is the key you expect to use listed in ~/.gnupg/sshcontrol ? I'd expect it to be listed by its keygrip, which i think is: 40277D42041E8A6E9AC9206FB335DDBA4B57A505 thanks for the report! --dkg
signature.asc
Description: PGP signature
