[Gpg4win-users-en] gpg-agent/scdaemon error with openpgp v2 card and putty
Alexander Leidinger
Alexander at leidinger.net
Thu Apr 7 18:21:16 CEST 2016
Hi,
I have issues with the openpgp-v2-smartcard/putty support of gpg4win
2.3.1. I have the putty support enabled in the config file of
gpg-agent. When I then try to log in via putty, the pin-code window
pops up, I enter the pin-code of the key on the card-reader-pin-pad
and then a failure window pops up. Logs of gpg-agent and scdaemon below.
When I try the same with the same reader/smartcard with the pagent
from www.smartcard-auth.de (evaluation version), the login succeeds.
Is there a misunderstanding on my side how gpg-agent/scdaemon is using
the openpgp-v2 smartcard, or is there a config issue, or is this a bug?
The card contents:
---snip---
> pkcs15-tool.exe -D
Using reader with a card: Cherry GmbH SmartTerminal ST-2xxx 0
PKCS#15 Card [OpenPGP card]:
Version : 0
Serial number : 0005000018f7
Manufacturer ID: ZeitControl
Language : de
Flags : PRN generation, EID compliant
PIN [User PIN (sig)]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:6, max_len:32, stored_len:32
Pad char : 0x00
Reference : 1 (0x01)
Type : UTF-8
Path : 3f00
Tries left : 2
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 02
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:6, max_len:32, stored_len:32
Pad char : 0x00
Reference : 2 (0x02)
Type : UTF-8
Path : 3f00
Tries left : 2
PIN [Admin PIN]
Object Flags : [0x3], private, modifiable
ID : 03
Flags : [0x9B], case-sensitive, local,
unblock-disabled, initialized, soPin
Length : min_len:8, max_len:32, stored_len:32
Pad char : 0x00
Reference : 3 (0x03)
Type : UTF-8
Path : 3f00
Tries left : 3
Private RSA Key [Authentication key]
Object Flags : [0x3], private, modifiable
Usage : [0x222], decrypt, unwrap, nonRepudiation
Access Flags : [0x1D], sensitive, alwaysSensitive,
neverExtract, local
ModLength : 4096
Key ref : 2 (0x2)
Native : yes
Auth ID : 02
ID : 03
MD:guid : {b8e81c05-34c2-c8bc-063b-0398b72f1404}
:cmap flags : 0x0
:sign : 0
:key-exchange: 0
Public RSA Key [Authentication key]
Object Flags : [0x2], modifiable
Usage : [0x51], encrypt, wrap, verify
Access Flags : [0x2], extract
ModLength : 4096
Key ref : 0 (0x0)
Native : no
Path : a401
ID : 03
X.509 Certificate [Cardholder certificate]
Object Flags : [0x0]
Authority : no
Path : 3f007f21
ID : 03
Encoded serial : 02 09 00CD1C820842215592
---snip---
gpg-agent log:
---snip---
2016-04-07 16:35:07 gpg-agent[6188] Es wird auf Socket
`C:\Users\netchild\AppData\Roaming\gnupg\S.gpg-agent' gehört
2016-04-07 16:35:07 gpg-agent[6188] Es wird auf Socket
`C:\Users\netchild\AppData\Roaming\gnupg\S.gpg-agent.ssh' gehört
2016-04-07 16:35:07 gpg-agent[6188] gpg-agent (GnuPG) 2.0.30 started
2016-04-07 16:35:07 gpg-agent[6188] DBG: returning notify handle 000001F0
2016-04-07 16:35:07 gpg-agent[6188] putty message loop thread 0x21c4 started
2016-04-07 16:35:09 gpg-agent[6188] Handhabungsroutine 0x2244 für fd
508 gestartet
2016-04-07 16:35:09 gpg-agent[6188] Assuan processing failed:
Input/output error
2016-04-07 16:35:09 gpg-agent[6188] Handhabungsroutine 0x2244 für den
fd 508 beendet
2016-04-07 16:35:24 gpg-agent[6188] ssh request handler for
request_identities (11) started
2016-04-07 16:35:24 gpg-agent[6188] no running SCdaemon - starting it
2016-04-07 16:35:24 gpg-agent[6188] error flushing pending output: Bad
file descriptor
2016-04-07 16:35:24 gpg-agent[6188] DBG: first connection to SCdaemon
established
2016-04-07 16:35:24 gpg-agent[6188] DBG: returning notify handle 000001F0
2016-04-07 16:35:25 gpg-agent[6188] SIGUSR2 received - updating card
event counter
2016-04-07 16:35:25 gpg-agent[6188] ssh request handler for
request_identities (11) ready
2016-04-07 16:35:25 gpg-agent[6188] sending ssh response of length 567
2016-04-07 16:35:25 gpg-agent[6188] ssh request handler for
sign_request (13) started
2016-04-07 16:35:25 gpg-agent[6188] new connection to SCdaemon
established (reusing)
2016-04-07 16:35:25 gpg-agent[6188] DBG: detected card with S/N
D2760001240102000005000018F70000
2016-04-07 16:35:25 gpg-agent[6188] starting a new PIN Entry
2016-04-07 16:35:30 gpg-agent[6188] smartcard signing failed: Ungültiger Wert
2016-04-07 16:35:30 gpg-agent[6188] ssh request handler for
sign_request (13) ready
2016-04-07 16:35:30 gpg-agent[6188] sending ssh response of length 1
2016-04-07 16:36:13 gpg-agent[6188] Handhabungsroutine 0x1ee0 für fd
624 gestartet
2016-04-07 16:36:13 gpg-agent[6188] socket is still served by this server
2016-04-07 16:36:13 gpg-agent[6188] Handhabungsroutine 0x1ee0 für den
fd 624 beendet
---snip---
scdaemon log:
---snip---
2016-04-07 16:35:24 scdaemon[7384] Es wird auf Socket
`C:\Users\netchild\AppData\Roaming\gnupg\S.scdaemon' gehört
2016-04-07 16:35:24 scdaemon[7384] Handhabungsroutine für fd -1 gestartet
2016-04-07 16:35:24 scdaemon[7384] detected reader `Cherry GmbH
SmartTerminal ST-2xxx 0'
2016-04-07 16:35:24 scdaemon[7384] reader slot 0: not connected
2016-04-07 16:35:24 scdaemon[7384] reader slot 0: active protocol: T1
2016-04-07 16:35:24 scdaemon[7384] slot 0: ATR=3B DA 18 FF 81 B1 FE 75
1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
2016-04-07 16:35:24 scdaemon[7384] AID: D2 76 00 01 24 01 02 00 00 05
00 00 18 F7 00 00
2016-04-07 16:35:24 scdaemon[7384] Historical Bytes: 00 31 C5 73 C0 01
40 05 90 00
2016-04-07 16:35:25 scdaemon[7384] Version-2 ......: yes
2016-04-07 16:35:25 scdaemon[7384] Get-Challenge ..: yes (2048 bytes max)
2016-04-07 16:35:25 scdaemon[7384] Key-Import .....: yes
2016-04-07 16:35:25 scdaemon[7384] Change-Force-PW1: yes
2016-04-07 16:35:25 scdaemon[7384] Private-DOs ....: yes
2016-04-07 16:35:25 scdaemon[7384] Algo-Attr-Change: yes
2016-04-07 16:35:25 scdaemon[7384] SM-Support .....: no
2016-04-07 16:35:25 scdaemon[7384] Max-Cert3-Len ..: 2048
2016-04-07 16:35:25 scdaemon[7384] Max-Cmd-Data ...: 2048
2016-04-07 16:35:25 scdaemon[7384] Max-Rsp-Data ...: 2048
2016-04-07 16:35:25 scdaemon[7384] Cmd-Chaining ...: no
2016-04-07 16:35:25 scdaemon[7384] Ext-Lc-Le ......: yes
2016-04-07 16:35:25 scdaemon[7384] Status Indicator: 05
2016-04-07 16:35:25 scdaemon[7384] GnuPG-No-Sync ..: no
2016-04-07 16:35:25 scdaemon[7384] GnuPG-Def-PW2 ..: no
2016-04-07 16:35:25 scdaemon[7384] Key-Attr-sign ..: RSA, n=2048,
e=32, fmt=std
2016-04-07 16:35:25 scdaemon[7384] Key-Attr-encr ..: RSA, n=2048,
e=32, fmt=std
2016-04-07 16:35:25 scdaemon[7384] Key-Attr-auth ..: RSA, n=4096,
e=32, fmt=std
2016-04-07 16:35:25 scdaemon[7384] DO `Login Data': 6E 65 74 63 68 69 6C 64
2016-04-07 16:35:25 scdaemon[7384] DO `URL': `'
2016-04-07 16:35:25 scdaemon[7384] DO `Historical Bytes': 00 31 C5 73
C0 01 40 05 90 00
2016-04-07 16:35:25 scdaemon[7384] DO `Cardholder Related Data': 5B 14
41 6C 65 78 61 6E 64 65 72 3C 3C 4C 65 69 64 69 6E 67 65 72 5F 2D 02
64 65 5F 35 01 31
2016-04-07 16:35:25 scdaemon[7384] DO `Name': `Alexander<<Leidinger'
2016-04-07 16:35:25 scdaemon[7384] DO `Language preferences': `de'
2016-04-07 16:35:25 scdaemon[7384] DO `Sex': `1'
2016-04-07 16:35:25 scdaemon[7384] DO `Application Related Data': 4F
10 D2 76 00 01 24 01 02 00 00 05 00 00 18 F7 00 00 5F 52 0A 00 31 C5
73 C0 01 40 05 90 00 73 81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1
06 01 08 00 00 20 00 C2 06 01 08 00 00 20 00 C3 06 01 10 00 00 20 00
C4 07 00 20 20 20 02 00 03 C5 3C 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 9B FD 58 06 8F F9 EF A2 60 E0 68 33 16 BA AD 23 27 DD
C7 79 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 00 00 00
00 00 00 00 00 51 60 1E 3A
2016-04-07 16:35:25 scdaemon[7384] DO `AID': D2 76 00 01 24 01 02 00
00 05 00 00 18 F7 00 00
2016-04-07 16:35:25 scdaemon[7384] DO `Extended Card Capabilities': 7C
00 08 00 08 00 08 00 08 00
2016-04-07 16:35:25 scdaemon[7384] DO `Algorithm Attributes
Signature': 01 08 00 00 20 00
2016-04-07 16:35:25 scdaemon[7384] DO `Algorithm Attributes
Decryption': 01 08 00 00 20 00
2016-04-07 16:35:25 scdaemon[7384] DO `Algorithm Attributes
Authentication': 01 10 00 00 20 00
2016-04-07 16:35:25 scdaemon[7384] DO `CHV Status Bytes': 00 20 20 20 02 00 03
2016-04-07 16:35:25 scdaemon[7384] DO `Fingerprints': 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 9B FD 58 06 8F F9 EF A2 60 E0 68
33 16 BA AD 23 27 DD C7 79
2016-04-07 16:35:25 scdaemon[7384] DO `CA Fingerprints': 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
2016-04-07 16:35:25 scdaemon[7384] DO `Generation time': 00 00 00 00
00 00 00 00 51 60 1E 3A
2016-04-07 16:35:25 scdaemon[7384] DO `Security Support Template': 93
03 00 00 00
2016-04-07 16:35:25 scdaemon[7384] DO `Digital Signature Counter': 00 00 00
2016-04-07 16:35:25 scdaemon[7384] DO `Private DO 1': `'
2016-04-07 16:35:25 scdaemon[7384] DO `Private DO 2': `'
2016-04-07 16:35:25 scdaemon[7384] DO `Private DO 3' not available:
Falsche PIN
2016-04-07 16:35:25 scdaemon[7384] DO `Private DO 4' not available:
Falsche PIN
2016-04-07 16:35:25 scdaemon[7384] DO `Cardholder certificate' not
available: Ungültiger Wert
2016-04-07 16:35:25 scdaemon[7384] updating slot 0 status:
0x0000->0x0007 (0->1)
2016-04-07 16:35:25 scdaemon[7384] triggering event 1f0 (000001F0) for
client -1
2016-04-07 16:35:25 scdaemon[7384] DBG: prompting for pinpad entry
'||Bitte die PIN eingeben'
2016-04-07 16:35:30 scdaemon[7384] DBG: dismiss pinpad entry prompt
2016-04-07 16:35:30 scdaemon[7384] Prüfung des CHV2 fehlgeschlagen:
Ungültiger Wert
2016-04-07 16:35:30 scdaemon[7384] operation auth result: Ungültiger Wert
2016-04-07 16:35:30 scdaemon[7384] app_auth failed: Ungültiger Wert
---snip---
Bye,
Alexander.
--
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0xC773696B3BAC17DC
http://www.FreeBSD.org netchild at FreeBSD.org : PGP 0xC773696B3BAC17DC
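
Added example, not part of the original post and not GnuPG code: a small Python helper that re-joins the mail-wrapped scdaemon log lines shown above and decodes two of the logged data objects, `CHV Status Bytes` (PIN retry counters) and `Algorithm Attributes Authentication`, so the card state at the time of the failed login can be read off the log. The function names are hypothetical, and the byte layouts assume the card follows the OpenPGP card specification for version 2 cards.

```python
import re
# Added example; function names are hypothetical. The sample is constructed from
# scdaemon log lines in the post, with the mail client's line wrapping kept.
SAMPLE_LOG = """\
2016-04-07 16:35:25 scdaemon[7384] DO `Algorithm Attributes
Authentication': 01 10 00 00 20 00
2016-04-07 16:35:25 scdaemon[7384] DO `CHV Status Bytes': 00 20 20 20 02 00 03
2016-04-07 16:35:25 scdaemon[7384] DO `Generation time': 00 00 00 00
00 00 00 00 51 60 1E 3A
2016-04-07 16:35:25 scdaemon[7384] DO `Private DO 1': `'
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
DO_HEX = re.compile(r"DO `([^']+)': ((?:[0-9A-F]{2} ?)+)$")

def unwrap(text):
    """Re-join wrapped lines: a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def data_objects(text):
    """Map DO name -> bytes for every hex-dumped data object in the log."""
    hits = (DO_HEX.search(r) for r in unwrap(text))
    return {m.group(1): bytes.fromhex(m.group(2)) for m in hits if m}

def decode_chv_status(raw):
    """DO C4: PW1 signature mode, three maximum lengths, three retry counters."""
    if len(raw) != 7:
        raise ValueError("CHV Status Bytes must be 7 bytes")
    return {"pw1_multi_sig": raw[0] == 1,
            "max_len": {"PW1": raw[1], "RC": raw[2], "PW3": raw[3]},
            "tries_left": {"PW1": raw[4], "RC": raw[5], "PW3": raw[6]}}

def decode_rsa_attrs(raw):
    """RSA algorithm attributes: algo id 0x01, modulus bits, exponent bits, format."""
    if len(raw) != 6 or raw[0] != 0x01:
        raise ValueError("not a 6-byte RSA attribute field")
    return {"n_bits": int.from_bytes(raw[1:3], "big"),
            "e_bits": int.from_bytes(raw[3:5], "big"), "fmt": raw[5]}

def summarize(text):
    dos = data_objects(text)
    return {"chv": decode_chv_status(dos["CHV Status Bytes"]),
            "auth_key": decode_rsa_attrs(dos["Algorithm Attributes Authentication"])}
```

On the sample, the decoded values agree with the rest of the post: two tries left on the user PIN, three on the admin PIN, and a 4096-bit authentication key.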