[Gnuk-users] gpg: signing failed: Zero prefix in S-expression
Jonathan Schleifer
js-gnuk-users at webkeks.org
Mon Feb 16 09:22:00 UTC 2015
Am 16.02.2015 um 01:59 schrieb NIIBE Yutaka <gniibe at fsij.org>:
> On 02/16/2015 12:28 AM, Jonathan Schleifer wrote:
>> Hm, after re-flashing and putting a different key on it, I get this
>> error quite often now. Interestingly, I can either replug or change
>> the PIN to make it work again.
>
> Thank you for experiments. Could you please do the following to debug?
>
> (1) generate an experimental key of EdDSA
> (not for your actual use, but just for this debugging)
>
> (2) Store the experimental key into Gnuk Token with an experimental PIN
> (PIN should be OK with a risk to disclose)
>
> (3) Put debug configurations in your .gnupg/gpg-agent.conf and
> .gnupg/scdaemon.conf.
>
> ---------- gpg-agent.conf
> enable-ssh-support
> debug-level guru
> debug-all
> log-file /var/tmp/gpg-agent.log
> ----------
>
> ---------- scdaemon.conf
> debug-level guru
> debug-all
> log-file /var/tmp/scdaemon.log
> ----------
>
> (4) Try to reproduce the error of "Zero prefix in S-expression"
>
> (5) When you got an error, please send me the logs of gpg-agent and
> scdaemon.
>
> Thanks in advance.
Unfortunately, I'll be away from home for a few days starting tomorrow and won't be able to restore my key if I write a different one to the Gnuk. Unfortunately, I only have one Gnuk :(. I can, however, try this once I come back. Or I can give steps to reproduce it :).
* Generate 4096 bit RSA certification key
* Edit the key, add Ed25519 signing key, RSA 4096 encryption key and Ed25519 authentication key
* Switch the Gnuk over to Ed25519 for signing and authentication like described in your mail I linked from my blog
* Move the signing, encryption and authentication key to Gnuk
* Do several signatures in a short timespan
For example, if I sign Git commits and rebase like 5 commits in the past, I can always trigger it.
Interestingly, to solve the problem, I can restart GnuPG and replug it. Or I can gpg2 --card-edit and then type passwd. I do *NOT* have to change the PIN. Just typing passwd and then canceling is enough.
Gnuk version is latest master (actually, 1.1.4 with the patches cherry-picked) and GnuPG is 2.1.2.
--
Jonathan
More information about the gnuk-users
mailing list