Can't move ed25519/cv25519 keys to card #20
Assignees
Labels
Comments
|
Please provide steps to reproduce it, including the generation of ed25519 key in localhost. |
export IDENTITY="johh locke <[email protected]>"
export EXPIRATION=2y
gpg --pinentry-mode=loopback --quick-generate-key "$IDENTITY" ed25519 cert never
export KEYFP=$(gpg -k --with-colons "$IDENTITY" | awk -F: '/^fpr:/ { print $10; exit }')
gpg --pinentry-mode=loopback --quick-add-key $KEYFP ed25519 sign $EXPIRATION
gpg --pinentry-mode=loopback --quick-add-key $KEYFP cv25519 encr $EXPIRATION
gpg --pinentry-mode=loopback --quick-add-key $KEYFP ed25519 auth $EXPIRATION
gpg --edit-key $KEYFP
Secret key is available.
sec ed25519/0x54C046F05B051A89
created: 2024-09-28 expires: never usage: C
trust: ultimate validity: ultimate
ssb ed25519/0xE7FA1A03722683A8
created: 2024-09-28 expires: 2026-09-28 usage: S
ssb cv25519/0xFC452AADEE3DC41F
created: 2024-09-28 expires: 2026-09-28 usage: E
ssb ed25519/0x4D7D7CDA4128AC7E
created: 2024-09-28 expires: 2026-09-28 usage: A
[ultimate] (1). johh locke <[email protected]>
gpg> key 1
sec ed25519/0x54C046F05B051A89
created: 2024-09-28 expires: never usage: C
trust: ultimate validity: ultimate
ssb* ed25519/0xE7FA1A03722683A8
created: 2024-09-28 expires: 2026-09-28 usage: S
ssb cv25519/0xFC452AADEE3DC41F
created: 2024-09-28 expires: 2026-09-28 usage: E
ssb ed25519/0x4D7D7CDA4128AC7E
created: 2024-09-28 expires: 2026-09-28 usage: A
[ultimate] (1). johh locke <[email protected]>
gpg> keytocard
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 1
# move cv25519 key
gpg --edit-key $KEYFP
Secret key is available.
sec ed25519/0x54C046F05B051A89
created: 2024-09-28 expires: never usage: C
trust: ultimate validity: ultimate
sub ed25519/0xE7FA1A03722683A8
created: 2024-09-28 expires: 2026-09-28 usage: S
ssb cv25519/0xFC452AADEE3DC41F
created: 2024-09-28 expires: 2026-09-28 usage: E
ssb ed25519/0x4D7D7CDA4128AC7E
created: 2024-09-28 expires: 2026-09-28 usage: A
[ultimate] (1). johh locke <[email protected]>
gpg> key 2
sec ed25519/0x54C046F05B051A89
created: 2024-09-28 expires: never usage: C
trust: ultimate validity: ultimate
sub ed25519/0xE7FA1A03722683A8
created: 2024-09-28 expires: 2026-09-28 usage: S
ssb* cv25519/0xFC452AADEE3DC41F
created: 2024-09-28 expires: 2026-09-28 usage: E
ssb ed25519/0x4D7D7CDA4128AC7E
created: 2024-09-28 expires: 2026-09-28 usage: A
[ultimate] (1). johh locke <[email protected]>
gpg> keytocard
Please select where to store the key:
(2) Encryption key
Your selection? 2 |
polhenarejos
added
bug
|
Are you using the EdDSA branch? |
Hi, no, i use 2.2 version from release page |
I try eddsa branch, and it work ;-) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have keys
After trying move subkeys to card, card is no longer detected in gnupg...
pcsc_scan log after card broke
Scanning present readers... Waiting for the first reader... found one Scanning present readers... 0: Yubico YubiKey OTP+FIDO+CCID [Pico Key CCID Interface] (DE6270431F522A2B) 00 00Sat Sep 28 07:13:38 2024
Reader 0: Yubico YubiKey OTP+FIDO+CCID [Pico Key CCID Interface] (DE6270431F522A2B) 00 00
Event number: 0
Card state: Card inserted,
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TC(1) = FF --> Extra guard time: 255 (special value)
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 F5 73 C0 01 60 00 90 00
Category indicator byte: 00 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: F5
- Application selection: by full DF name
- Application selection: by partial DF name
- BER-TLV data objects available in EF.DIR
- BER-TLV data objects available in EF.ATR
- EF.DIR and EF.ATR access services: by GET DATA command
- Card without MF
Tag: 7, len: 3 (card capabilities)
Selection methods: C0
- DF selection by full DF name
- DF selection by partial DF name
Data coding byte: 01
- Behaviour of write functions: one-time write
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 60
- Extended Lc and Le fields
- RFU (should not happen)
- Logical channel number assignment: No logical channel
- Maximum number of logical channels: 1
Mandatory status indicator (3 last bytes)
LCS (life card cycle): 00 (No information given)
SW: 9000 (Normal processing.)
+ TCK = 1C (correct checksum)
Possibly identified card (using /nix/store/qd5x13g2kqlaj3rf5d6rvpdnbym3x9s1-pcsc-tools-1.7.2/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
OpenPGP Card V3
I trying move RSA keys, it's work normal
I use waveshare rp2040 one, firmware version 2.2
The text was updated successfully, but these errors were encountered: