FS#75276 - [gnupg] Reports 'card error' reading some Yubikeys in v2.2.36-1
Attached to Project:
Arch Linux
Opened by Oliver Ford (OJFord) - Friday, 08 July 2022, 23:38 GMT
Last edited by David Runge (dvzrv) - Saturday, 02 September 2023, 14:43 GMT
Opened by Oliver Ford (OJFord) - Friday, 08 July 2022, 23:38 GMT
Last edited by David Runge (dvzrv) - Saturday, 02 September 2023, 14:43 GMT
|
Details
Description:
Some, but not all, Yubikeys cannot be read by e.g. `gpg --card-status` (nor any operation using it) as of 2.2.36-1. > gpg: OpenPGP card not available: Card error * Yubikey 5C NFC is affected; * Yubikey 4 Nano is not; * The previous version, 2.2.35-2, works with both. Steps to reproduce: 1. Insert key and observe light on (and FIDO/WebAuthn working, etc.) 2. $gpg --card-status gpg: OpenPGP card not available: Card error |
This task depends upon
Closed by David Runge (dvzrv)
Saturday, 02 September 2023, 14:43 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with gnupg >=2.2.37
Saturday, 02 September 2023, 14:43 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with gnupg >=2.2.37
Aside: why is Arch on 2.2.x? Happy for the answer to be RTFM if you can link the relevant M, I haven't been able to find anything except some (non-Arch-specific) background on why they both exist (https://www.mail-archive.com/gnupg-users@gnupg.org/msg40728.html) - which doesn't seem to suggest there's any reason a rolling release model would want to avoid the 'modern' 2.3 branch.
3.x gpg drops support for old and insecure hashes. unfortunately hour keyring contains signatures using this hashes.
We are working on updating our keyring. But this is unfortunately not a very fast process.
```
#echo -e '[testing]\nInclude = /etc/pacman.d/mirrorlist' >> /etc/pacman.conf
#pacman -Sy archlinux-keyring
#pacman -S testing/gnupg
$gpg --version
gpg (GnuPG) 2.2.37
[...]
[unplug device]
$gpgconf --kill all
[re-plug device]
$gpg --card-status
[expected output]
```
The maintainer implied it's 5.4x only that is affected.
FS#77754