Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#42790 - [gnupg] OpenPGP card cannot be used for signing with gnupg 2.1

Attached to Project: Arch Linux
Opened by Thomas Bächler (brain0) - Friday, 14 November 2014, 19:02 GMT
Last edited by Thomas Bächler (brain0) - Sunday, 30 November 2014, 11:44 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


With gnupg 2.1, my OpenPGP card's key cannot be used anymore:

$ gpg -K
sec dsa1024/31CFFD50 2005-09-04
uid [ultimate] Thomas Bächler <>
uid [ultimate] Thomas Bächler <>
ssb elg2048/648E6F29 2005-09-04

sec rsa4096/8E4B1A25 2011-05-04
uid [ultimate] Thomas Bächler <>
ssb rsa4096/20016BDB 2011-05-04

If I try to sign something with it, gnupg reports that there is no private key.

With gnupg 2.0, I get this output:

$ gpg -K
sec 1024D/31CFFD50 2005-09-04
uid Thomas Bächler <>
uid Thomas Bächler <>
ssb 2048g/648E6F29 2005-09-04

sec 4096R/8E4B1A25 2011-05-04
uid Thomas Bächler <>
ssb 4096R/20016BDB 2011-05-04

sec> 3072R/824B18E8 2011-11-19
Kartenseriennr. = 0005 00001085
uid Thomas Bächler (Arch Linux Master Key) <>
ssb> 1024R/AAE53976 2011-11-19
ssb> 2048R/96A8F3F2 2011-11-19

However, the --card-status command works just fine with the new version.
This task depends upon

Closed by  Thomas Bächler (brain0)
Sunday, 30 November 2014, 11:44 GMT
Reason for closing:  Not a bug
Comment by Gaetan Bisson (vesath) - Friday, 14 November 2014, 23:41 GMT
Could you please report this upstream to ?
Comment by Thomas Bächler (brain0) - Saturday, 15 November 2014, 10:59 GMT Comment by Benjamin Podszun (darklajid) - Tuesday, 25 November 2014, 08:56 GMT
This version was promoted from testing today, which basically means I cannot read (encrypted) mail anymore.
With this known regression, why is this the new 'current' version?
Comment by Benjamin Podszun (darklajid) - Tuesday, 25 November 2014, 12:41 GMT
All is well. After talking to upstream (K_F on #gnupg was very helpful) I learned that you need to recreate the stubs once, because the keystore format changed for opengpg keys (not ssh keys though).

I can use my smart card again after running

gpg-connect-agent learn /bye

once. I'd therefor suggest closing this bug and the one upstream, Thomas, if you can confirm the solution?
Maybe this change warrants a note of some sorts though? or .. somewhere?
Comment by Thomas Bächler (brain0) - Tuesday, 25 November 2014, 22:44 GMT
I was unable to find that command anywhere, I will try it tomorrow.
Comment by Sree Harsha Totakura (tsh) - Friday, 28 November 2014, 15:28 GMT
It works for me after disabling my card reader's pinpad by adding `disable-pinpad` to ~/.gnupg/scdaemon.conf. If not, it complains that the public key is not found.
Comment by Tiago Peixoto (count0) - Friday, 28 November 2014, 18:16 GMT
I can confirm that issuing "gpg-connect-agent learn /bye" solves the issue. It would *very* useful to have this information displayed to the user after upgrading the package.
Comment by Thomas Bächler (brain0) - Sunday, 30 November 2014, 11:44 GMT
Yes, this helps.