GNOME Bugzilla – Bug 335386
evolution doesn't support gpg if keys are on a smartcard
Last modified: 2006-08-12 14:18:01 UTC
Please describe the problem:
I want to use a smartcard to store my encryption/decryption and signing keys for gpg. GPG supports smartcard just fine. I try to use the key that is on the card to sign or encrypt with Evolution, evo just hangs and sits forever waiting for an answer from gnupg that is not right. I should be asked to enter a pin instead of the passphrase.

Steps to reproduce:
1. follow steps on http://www.fsfe.org/en/card/howto/subkey_howto to put your key on smartcard
2. write an email message, choose to encrypt or sign it
3. send it

Actual results:
I guess that evolution doesn't receive the expected response from gpg and hangs

Expected results:
you should be asked to enter a pin

Does this happen every time?
yes

Other information:
*** Bug 335467 has been marked as a duplicate of this bug. ***
Hi,

I can confirm the problem, and offer a solution: gpg sends slightly different status messages when dealing with keys on card rather than on disk.

A decryption session with an on-disk key:

  gpg: armor header: Version: GnuPG v1.4.1 (GNU/Linux)
  gpg: public key is F7619739
  [GNUPG:] ENC_TO C6D28EC0F7619739 16 0
  gpg: using subkey F7619739 instead of primary key E6AB2957
  [GNUPG:] USERID_HINT C6D28EC0F7619739 Tilman Koschnick <til@subnetz.org>
  [GNUPG:] NEED_PASSPHRASE C6D28EC0F7619739 AD4EE47FE6AB2957 16 0
  gpg: using subkey F7619739 instead of primary key E6AB2957
  [GNUPG:] GET_HIDDEN passphrase.enter
  ************************
  [GNUPG:] GOT_IT
  [GNUPG:] GOOD_PASSPHRASE
  gpg: NOTE: key has been revoked
  gpg: encrypted with 2048-bit ELG-E key, ID F7619739, created 2004-09-02
        "Tilman Koschnick <til@subnetz.org>"
  [GNUPG:] BEGIN_DECRYPTION
  gpg: AES256 encrypted data
  gpg: original file name=''
  [GNUPG:] PLAINTEXT 62 1145882071
  [GNUPG:] DECRYPTION_OKAY
  [GNUPG:] GOODMDC
  [GNUPG:] END_DECRYPTION

A decryption session with an on-card key:

  gpg: public key is 151CC8CF
  [GNUPG:] ENC_TO E34C72B0151CC8CF 1 0
  gpg: using subkey 151CC8CF instead of primary key E6AB2957
  gpg: reader slot 0: using ccid driver
  gpg: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
  gpg: AID: D2 76 00 01 24 01 01 01 00 01 00 00 08 DE 00 00
  [GNUPG:] CARDCTRL 3 D2760001240101010001000008DE0000
  [GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
  [GNUPG:] GET_HIDDEN passphrase.pin.ask
  ***********************
  [GNUPG:] GOT_IT
  gpg: using subkey 151CC8CF instead of primary key E6AB2957
  gpg: encrypted with 1024-bit RSA key, ID 151CC8CF, created 2006-04-28
        "Tilman Koschnick <til@subnetz.org>"
  [GNUPG:] BEGIN_DECRYPTION
  gpg: AES256 encrypted data
  gpg: original file name='evolution.log'
  [GNUPG:] PLAINTEXT 62 1146267806 evolution.log
  [GNUPG:] PLAINTEXT_LENGTH 11448510
  [GNUPG:] DECRYPTION_OKAY
  [GNUPG:] GOODMDC
  [GNUPG:] END_DECRYPTION

The crucial lines are

  [GNUPG:] NEED_PASSPHRASE C6D28EC0F7619739 AD4EE47FE6AB2957 16 0
  [GNUPG:] GET_HIDDEN passphrase.enter

vs.

  [GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
  [GNUPG:] GET_HIDDEN passphrase.pin.ask

The attached patch was done against evolution-data-server-1.4.2.1, but at least applies cleanly against evolution-data-server-1.7.1 as well. The approach is a bit simplistic - copy & paste, change some strings - but works.

Cheers, Til
Created attachment 64509: patch to camel/camel-gpg-context.c to deal with gpg keys on smartcards
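
The difference between the two sessions logged above, as an added example (this is not the attached patch and not Evolution's code): a small C reader for gpg --status-fd lines that tells a passphrase request from a card PIN request and reports any other GET_HIDDEN request, so the caller can abort instead of waiting forever. The names gpg_session, gpg_status_feed and the prompt enum are hypothetical; the status keywords are the ones from the logs.

```c
#include <stdio.h>
#include <string.h>

enum prompt { PROMPT_NONE, PROMPT_PASSPHRASE, PROMPT_PIN, PROMPT_UNKNOWN };

/* hint: key ID (key on disk) or card type (key on card), for the dialog text */
struct gpg_session { char hint[40]; };

/* Match the keyword exactly, so NEED_PASSPHRASE does not also match
 * NEED_PASSPHRASE_PIN; on success *arg points at the first argument. */
static int keyword_is(const char *s, const char *kw, const char **arg)
{
    size_t n = strlen(kw);
    if (strncmp(s, kw, n) != 0 || !strchr(" \r\n", s[n]))
        return 0;                /* strchr also accepts the terminating NUL */
    *arg = s + n + (s[n] == ' ');
    return 1;
}

/* True if the first space-delimited token of arg equals want. */
static int token_is(const char *arg, const char *want)
{
    size_t n = strcspn(arg, " \r\n");
    return n == strlen(want) && strncmp(arg, want, n) == 0;
}

/* Feed one line from gpg --status-fd. Returns the secret gpg is waiting for,
 * PROMPT_NONE if no input is needed, or PROMPT_UNKNOWN when gpg asks for
 * something this code does not recognise: abort then, do not block. */
enum prompt gpg_status_feed(struct gpg_session *gs, const char *line)
{
    const char *arg;
    if (strncmp(line, "[GNUPG:] ", 9) != 0)
        return PROMPT_NONE;                    /* "gpg: ..." diagnostics */
    line += 9;
    if (keyword_is(line, "NEED_PASSPHRASE", &arg) ||
        keyword_is(line, "NEED_PASSPHRASE_PIN", &arg)) {
        snprintf(gs->hint, sizeof gs->hint, "%.*s", (int)strcspn(arg, " \r\n"), arg);
        return PROMPT_NONE;                    /* the request follows as GET_HIDDEN */
    }
    if (!keyword_is(line, "GET_HIDDEN", &arg))
        return PROMPT_NONE;
    if (token_is(arg, "passphrase.enter"))
        return PROMPT_PASSPHRASE;              /* key on disk */
    if (token_is(arg, "passphrase.pin.ask"))
        return PROMPT_PIN;                     /* key on an OpenPGP card */
    return PROMPT_UNKNOWN;
}
```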
The status-fd log you provided was a real help. Thanks. I've got my own patch that's a little cleaner that I'll apply to CVS (I'd do it now but I don't have my ssh keys on my laptop and so don't have commit access).
fixed in the 2.7 branch (HEAD), changes strings so can't apply it to stable branch
*** Bug 351041 has been marked as a duplicate of this bug. ***