[Gnuk-users] State of EdDSA in Gnuk / GnuPG
Bertrand Jacquin
bertrand at jacquin.bzh
Thu Jan 22 00:00:42 UTC 2015
On 21/01/2015 02:56, NIIBE Yutaka wrote:
> On 01/21/2015 10:12 AM, NIIBE Yutaka wrote:
>> No. The warning means that you have registered a subkey already,
>> haven't you?
>>
>> 'KEYTOCARD failed: End of file' is unexpected.
>>
>> Let me try to reproduce your failure. I will be back.
>
> It works for me, even with partially registered subkey (I got
> "such a key has already been stored..." message, because of
> this).
Actually I'm not really afraid about the "gpg: WARNING: such a key has
already been stored on the card!", that make sense, but what about the
"KEYTOCARD failed: End of file" ?
> To debug, please have following file under your GPGHOME (default is
> $HOME/.gnupg). Then, you can get debug information in the log file.
>
> ============= gpg-agent.conf
> debug-level guru
> debug-all
> log-file /var/tmp/gpg-agent.log
> =============
I was wrong in my previous telling you that the key is well present on
the smartcard, it is not. I reflash my FST-01 and restarted from scratch
with a fresh keyring, and here is the status:
$ gpg --expert --edit-key 0x16E697B3060AAC2F
Secret key is available.
pub rsa2048/0x16E697B3060AAC2F
created: 2015-01-21 expires: 2015-02-20 usage: C
trust: ultimate validity: ultimate
sub ed25519/0xC7B97814F54BB924
created: 2015-01-21 expires: 2015-02-20 usage: A
[ultimate] (1). FST-01 EdDSA <nobody at jacquin.bzh>
gpg> toggle
pub rsa2048/0x16E697B3060AAC2F
created: 2015-01-21 expires: 2015-02-20 usage: C
trust: ultimate validity: ultimate
sub ed25519/0xC7B97814F54BB924
created: 2015-01-21 expires: 2015-02-20 usage: A
[ultimate] (1). FST-01 EdDSA <nobody at jacquin.bzh>
gpg> key 1
pub rsa2048/0x16E697B3060AAC2F
created: 2015-01-21 expires: 2015-02-20 usage: C
trust: ultimate validity: ultimate
sub* ed25519/0xC7B97814F54BB924
created: 2015-01-21 expires: 2015-02-20 usage: A
[ultimate] (1). FST-01 EdDSA <nobody at jacquin.bzh>
gpg> keytocard
Please select where to store the key:
(3) Authentication key
Your selection? 3
gpg: KEYTOCARD failed: End of file
gpg> save
Key not changed so no update needed.
$ gpg --card-status
Application ID ...: D276000124010200FFFE50FF6A060000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 50FF6A06
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 255?
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
But I can see that scdaemon is ending with a SEGV:
[25221.144936] pipe-connection[1163]: segfault at 7f6500449374 ip
00007f65bbc2c72e sp 00007f65bb76ea38 error 4 in
libc-2.19.so[7f65bbb92000+1ac000]
Result of strace:
1182 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3559, ...})
= 0
1182 write(3, "2015-01-21 23:34:29 gpg-agent[1035] DBG: ", 41) = 41
1182 write(3, "chan_9 -> [ 44 20 31 32 33 34 35 36 37 38 00 00 00 00 00
00 ...(76 byte(s) skipped) ]\n", 86) = 86
1182 write(12, "D
12345678\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\n",
93) = 93
1182 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3559, ...})
= 0
1182 write(3, "2015-01-21 23:34:29 gpg-agent[1035] DBG: ", 41) = 41
1182 write(3, "chan_9 -> END\n", 14) = 14
1182 write(12, "END", 3) = 3
1182 write(12, "\n", 1) = 1
1182 read(9, "", 1002) = 0
1182 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1162,
si_status=SIGSEGV, si_utime=0, si_stime=0} ---
Corresponding extract of /var/tmp/gpg-agent.log
2015-01-21 23:34:26 gpg-agent[1035] DBG: chan_9 <- INQUIRE NEEDPIN
|A|Please enter the Admin PIN
2015-01-21 23:34:26 gpg-agent[1035] starting a new PIN Entry
2015-01-21 23:34:26 gpg-agent[1035] DBG: connection to PIN entry
established
2015-01-21 23:34:26 gpg-agent[1035] DBG: chan_6 -> INQUIRE
PINENTRY_LAUNCHED 1185
2015-01-21 23:34:26 gpg-agent[1035] DBG: chan_6 <- END
2015-01-21 23:34:29 gpg-agent[1035] DBG: chan_9 -> [ 44 20 31 32 33 34
35 36 37 38 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
2015-01-21 23:34:29 gpg-agent[1035] DBG: chan_9 -> END
2015-01-21 23:34:29 gpg-agent[1035] DBG: chan_9 <- [eof]
2015-01-21 23:34:29 gpg-agent[1035] command 'KEYTOCARD' failed: End of
file
2015-01-21 23:34:29 gpg-agent[1035] DBG: chan_6 -> ERR 67125247 End of
file <GPG Agent>
2015-01-21 23:34:30 gpg-agent[1035] DBG: chan_9 -> BYE
2015-01-21 23:34:32 gpg-agent[1035] DBG: chan_6 <- [eof]
2015-01-21 23:34:32 gpg-agent[1035] handler 0x7fa7038fb700 for fd 6
terminated
GDB output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffe6b257700 (LWP 7978)]
0x00007ffe6b7148e0 in ?? () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffe6b7148e0 in ?? () from /lib64/libc.so.6
#1 0x00000000004228f8 in store_fpr (app=0x7ffe64002d40, keynumber=2,
timestamp=1421882934, fpr=0x7ffe6b256c80 " m%k\376\177",
card_version=512, key_type=KEY_TYPE_EDDSA) at app-openpgp.c:816
#2 0x00000000004294dc in ecc_writekey (app=0x7ffe64002d40,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0, keyno=2,
buf=0x7ffe64011ac6 "", buflen=0, depth=0) at app-openpgp.c:3386
#3 0x0000000000429847 in do_writekey (app=0x7ffe64002d40,
ctrl=0x1035780, keyid=0x7ffe64002ad0 "OPENPGP.3", flags=0,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0,
keydata=0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))",
keydatalen=166) at app-openpgp.c:3473
#4 0x00000000004208ab in app_writekey (app=0x7ffe64002d40,
ctrl=0x1035780, keyidstr=0x7ffe64002ad0 "OPENPGP.3", flags=0,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0,
keydata=0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))",
keydatalen=166) at app.c:882
#5 0x000000000040aa76 in cmd_writekey (ctx=0x7ffe640008c0,
line=0x7ffe64000a22 "") at command.c:1343
#6 0x00007ffe6c26690d in ?? () from /usr/lib64/libassuan.so.0
#7 0x00007ffe6c266e09 in assuan_process () from
/usr/lib64/libassuan.so.0
#8 0x000000000040c1b5 in scd_command_handler (ctrl=0x1035780, fd=-1) at
command.c:2092
#9 0x0000000000407c95 in start_connection_thread (arg=0x1035780) at
scdaemon.c:1164
#10 0x00007ffe6c059e1c in ?? () from /usr/lib64/libnpth.so.0
#11 0x00007ffe6be4236d in start_thread () from /lib64/libpthread.so.0
#12 0x00007ffe6b771bdd in clone () from /lib64/libc.so.6
(gdb) fr 1
#1 0x00000000004228f8 in store_fpr (app=0x7ffe64002d40, keynumber=2,
timestamp=1421882934, fpr=0x7ffe6b256c80 " m%k\376\177",
card_version=512, key_type=KEY_TYPE_EDDSA) at app-openpgp.c:816
816 app-openpgp.c: No such file or directory.
(gdb) info args
app = 0x7ffe64002d40
keynumber = 2
timestamp = 1421882934
fpr = 0x7ffe6b256c80 " m%k\376\177"
card_version = 512
key_type = KEY_TYPE_EDDSA
(gdb) fr 2
#2 0x00000000004294dc in ecc_writekey (app=0x7ffe64002d40,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0, keyno=2,
buf=0x7ffe64011ac6 "", buflen=0, depth=0) at app-openpgp.c:3386
3386 in app-openpgp.c
(gdb) info args
app = 0x7ffe64002d40
pincb = 0x409a22 <pin_cb>
pincb_arg = 0x7ffe640008c0
keyno = 2
buf = 0x7ffe64011ac6 ""
buflen = 0
depth = 0
(gdb) fr 3
#3 0x0000000000429847 in do_writekey (app=0x7ffe64002d40,
ctrl=0x1035780, keyid=0x7ffe64002ad0 "OPENPGP.3", flags=0,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0,
keydata=0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))",
keydatalen=166) at app-openpgp.c:3473
3473 in app-openpgp.c
(gdb) info args
app = 0x7ffe64002d40
ctrl = 0x1035780
keyid = 0x7ffe64002ad0 "OPENPGP.3"
flags = 0
pincb = 0x409a22 <pin_cb>
pincb_arg = 0x7ffe640008c0
keydata = 0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))"
keydatalen = 166
(gdb) fr 4
#4 0x00000000004208ab in app_writekey (app=0x7ffe64002d40,
ctrl=0x1035780, keyidstr=0x7ffe64002ad0 "OPENPGP.3", flags=0,
pincb=0x409a22 <pin_cb>, pincb_arg=0x7ffe640008c0,
keydata=0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))",
keydatalen=166) at app.c:882
882 app.c: No such file or directory.
(gdb) info args
app = 0x7ffe64002d40
ctrl = 0x1035780
keyidstr = 0x7ffe64002ad0 "OPENPGP.3"
flags = 0
pincb = 0x409a22 <pin_cb>
pincb_arg = 0x7ffe640008c0
keydata = 0x7ffe64011a20
"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@\237vM\270\222Q\001jg\371\251\006Ə\227\202\004\230J\376\370(\273;k!\342\006\071\261~\024)(1:d32:B^W\312\336k\315\355\277\366/\264iY\370F\325mhn\234\207\212\213\354\001\024\236\033hi\357))(10:created-at10:1421882934))"
keydatalen = 166
...
Once gnupg, libgcrypt, npth and libassuan compiled with -g -ggdb, I do
not get any SEGV.
Continuing to grab infos.
--
Bertrand
More information about the gnuk-users
mailing list