FS#71279 - gnupg 2.2.28 does not work with Smart Cards

Attached to Project: Arch Linux
Opened by Adam Jimerson (vendion) - Thursday, 17 June 2021, 14:46 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 17 June 2021, 21:18 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

With GnuPG 2.2.27 and older I was able to have a split key with part of it being stored on my Yubikey NEO, and when I did an action that needed my key I would be prompted to insert the key and then put in my password. Also I was able to have the `gpg` query the status of my smart card with `gpg --card-status`:

[~/Downloads]─> gpg --card-status
Reader ...........: 1050:0116:X:0
Application ID ...: D2760001240102000006085023460000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 08502346
Name of cardholder: Adam Jimerson
Language prefs ...: en
Salutation .......: Mr.
URL of public key : https://keybase.io/vendion/pgp_keys.asc?fingerprint=e91020f1e7b30f18e24a8315f1f26b789fc642d0
Login data .......: vendion
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3326
Signature key ....: 2CB9 41E0 3DDD 2502 FA60 8A96 B666 52C8 DA53 1A49
created ....: 2014-06-19 03:01:03
Encryption key....: E7C3 C547 A29E 4D47 932D B8B1 B460 C43F A28F D091
created ....: 2014-06-19 03:01:03
Authentication key: A3D7 864F 5A52 445D 1BF7 12B1 9FFF 49F8 DFE4 655F
created ....: 2018-08-13 23:31:04
General key info..: sub rsa2048/0xB66652C8DA531A49 2014-06-19 keybase.io/vendion <vendion@keybase.io>
sec rsa4096/0xF1F26B789FC642D0 created: 2014-06-19 expires: never
ssb> rsa2048/0xB66652C8DA531A49 created: 2014-06-19 expires: 2022-06-17
card-no: 0006 08502346
ssb> rsa2048/0xB460C43FA28FD091 created: 2014-06-19 expires: 2022-06-17
card-no: 0006 08502346
ssb> rsa2048/0x9FFF49F8DFE4655F created: 2018-08-13 expires: never
card-no: 0006 08502346

After the update to 2.2.28 nothing seems to work with my smart card, `gpg --card-status` reports the following:

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

and if I try to do something that requires my GPG key (use my password manager, make a gpg signed git commit, etc) I just keep get asked to insert my card.

Looking at `dmesg` I don't really see anything relavent to this other than when I unplugged and plugged my yubikey back in. Downgrading gnupg to 2.2.27 fixes the issue though.
This task depends upon

Closed by  Levente Polyak (anthraxx)
Thursday, 17 June 2021, 21:18 GMT
Reason for closing:  Fixed
Additional comments about closing:  backported in 2.2.28-2
Comment by loqs (loqs) - Thursday, 17 June 2021, 17:05 GMT
Does applying [1] fix the issue? Assuming the issue was caused by [2] I believe it should as it references fixing [3] which looks to be the same commit as [2] on master.

[1] https://github.com/gpg/gnupg/commit/01a413d5235f1bbd00f83fb86d0e183d8f0b1a57
[2] https://github.com/gpg/gnupg/commit/f8588369bcb0e66118725793b53e871ce2acb10d
[3] https://github.com/gpg/gnupg/commit/ec56996029d95d4bd26e1badfe207232270c6247
Comment by Adam Jimerson (vendion) - Thursday, 17 June 2021, 20:54 GMT
Yes applying the patch [1] does infact fix my issue with GnuPG 2.2.28.

[1] https://github.com/gpg/gnupg/commit/01a413d5235f1bbd00f83fb86d0e183d8f0b1a57.patch

Loading...