heads
heads copied to clipboard
Published
20 hours ago •
linuxboot
linuxboot
Update gnupg 1.4.21 -> 1.4.23
GnuPG seems to be somewhat still working (although only winterfell board seems to use this by default).
So I was trying to run oem-factory-reset procedures using GnuPG 1.4.23.
Somehow I have to use PC/SC daemon to work with the card (which we don't have) and I was not able to generate the key using GnuPG 1.4.23. Edit my gpg was compiled without libusb support
Some notes regarding our OEM factory reset:
--pinentry-mode=loopbackis not an recognized option- There is no
factory-resetadmin command of--card-edit - There is no
key-attradmin command
When just using generate on a blank card I get the following dialog:
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
Please note that the factory settings of the PINs are
PIN = `123456' Admin PIN = `12345678'
You should change them using the command --change-pin
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
Please enter the PIN
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"
Real name: master04
Email address: master04@thinkpad
Comment:
You selected this USER-ID:
"master04 <master04@thinkpad>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (20 seconds)
gpg: response does not contain the public key data
gpg: key generation failed: general error
Key generation failed: general error
gpg/card>
Application ID ...: D276.....
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 0000XXXX
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Private DO 3 .....: [not set]
Private DO 4 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
PC/SC does not show any APDUs with errors though.
Same with direct USB access, debug log:
gpg: DBG: dump: 4F 10 D2 76 00 01 24 01 03 04 00 05 00 00 C4 40 00 00 5F 52 0A 00 31 F5 73 C0 01 60 05 90 00 7F 66 08 02 02 08 00 02 02 08 00 73 81 BF C0 0A 7F 00 08 00 08 00 08 00 00 01 C1 06 01 08 00 00 20 00 C2 06 01 08 00 00 20 00 C3 06 01 08 00 00 20 00 C4 07 01 40 40 40 03 00 03 C5 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 00 00 00 00 00 00 00 00 00 00 00 00 DE 06 01 00 02 00 03 00
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: DBG: send apdu: c=00 i=47 p1=80 p2=00 lc=2 le=256 em=1
gpg: DBG: raw apdu: 00 47 80 00 00 00 02 B6 00 01 00
gpg: DBG: ccid-driver: PC_to_RDR_XfrBlock:
gpg: DBG: ccid-driver: dwLength ..........: 15
gpg: DBG: ccid-driver: bSlot .............: 0
gpg: DBG: ccid-driver: bSeq ..............: 69
gpg: DBG: ccid-driver: bBWI ..............: 0x04
gpg: DBG: ccid-driver: wLevelParameter ...: 0x0000
gpg: DBG: ccid-driver: [0010] 00 40 0B 00 47 80
gpg: DBG: ccid-driver: [0016] 00 00 00 02 B6 00 01 00 39
gpg: DBG: ccid-driver: RDR_to_PC_DataBlock:
gpg: DBG: ccid-driver: dwLength ..........: 5
gpg: DBG: ccid-driver: bSlot .............: 0
gpg: DBG: ccid-driver: bSeq ..............: 69
gpg: DBG: ccid-driver: bStatus ...........: 0
gpg: DBG: ccid-driver: [0010] 00 C3 01 64 A6
gpg: DBG: ccid-driver: T=1: S-block request received cmd=3
gpg: DBG: ccid-driver: T=1: waittime extension of bwi=100
gpg: DBG: ccid-driver: PC_to_RDR_XfrBlock:
gpg: DBG: ccid-driver: dwLength ..........: 5
gpg: DBG: ccid-driver: bSlot .............: 0
gpg: DBG: ccid-driver: bSeq ..............: 70
gpg: DBG: ccid-driver: bBWI ..............: 0x04
gpg: DBG: ccid-driver: wLevelParameter ...: 0x0000
gpg: DBG: ccid-driver: [0010] 00 E3 01 64 86
gpg: DBG: ccid-driver: usb_bulk_read error: Device busy
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
gpg: generating key failed
gpg: key generation failed: general error