[Bug 1641746] [NEW] gpg2: gpg2 --card-status: gpg: selecting openpgp failed: Card error

Anton Marchukov anton at marchukov.com
Mon Nov 14 21:59:27 UTC 2016 

Public bug reported:

gpg2 does not work with OpenPGP card:

$ gpg2 --card-status 
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error

I also enabled scdaemon debug output and have the following there:

2016-11-14 22:43:49 scdaemon[4817] listening on socket '/home/antonm/.gnupg/S.scdaemon'
2016-11-14 22:43:49 scdaemon[4817] handler for fd -1 started
2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_open_reader: portstr=(null)
2016-11-14 22:43:49 scdaemon[4817] detected reader 'Yubico Yubikey 4 U2F+CCID 00 00'
2016-11-14 22:43:49 scdaemon[4817] detected reader 'Gemalto GemPC Express 01 00'
2016-11-14 22:43:49 scdaemon[4817] reader slot 0: not connected
2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- GETINFO socket_name
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> D /home/antonm/.gnupg/S.scdaemon
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- OPTION event-signal=12
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- GETINFO version
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> D 2.1.11
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- SERIALNO openpgp
2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_connect: slot=0
2016-11-14 22:43:49 scdaemon[4817] pcsc_connect failed: sharing violation (0x8010000b)
2016-11-14 22:43:49 scdaemon[4817] reader slot 0: not connected
2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_connect => sw=0x10006
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> ERR 100663404 Card error <SCD>
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- RESTART
2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_get_status: slot=0 hang=0
2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_get_status => sw=0x0 status=6 changecnt=1
2016-11-14 22:43:49 scdaemon[4817] updating reader 0 (0) status: 0x0000->0x0006 (0->1)
2016-11-14 22:43:49 scdaemon[4817] sending signal 12 to client 2143
2016-11-14 22:43:50 scdaemon[4817] DBG: enter: apdu_get_status: slot=0 hang=0

that might be the reason. The card in questions is Yubikey 4 with
OpenPGP applet loaded, but I also tried regular OpenPGP v2 card with the
same result.

I also have pcscd running as I use Estonian eID card a couple of other
smart cards too.

systemctl status pcscd.service has the following in log:

Nov 14 22:12:36 loki systemd[1]: Started PC/SC Smart Card Daemon.
Nov 14 22:12:36 loki pcscd[2045]: 00000000 ifdhandler.c:144:CreateChannelByNameOrChannel() failed
Nov 14 22:12:36 loki pcscd[2045]: 00000029 readerfactory.c:1043:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0406:libudev:0:/dev/bus/usb/002/003)
Nov 14 22:12:36 loki pcscd[2045]: 00000006 readerfactory.c:335:RFAddReader() Yubico Yubikey 4 U2F+CCID init failed

But pcsc_scan works and is able to recognize OpenPGP card on Yubikey:

$ pcsc_scan 
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau at free.fr>
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
0: Yubico Yubikey 4 U2F+CCID 00 00
1: Gemalto GemPC Express 01 00

Mon Nov 14 22:54:46 2016
Reader 0: Yubico Yubikey 4 U2F+CCID 00 00
  Card state: Card inserted, Shared Mode, 
  ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4

ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
+ TS = 3B --> Direct Convention
+ T0 = F8, Y(1): 1111, K: 8 (historical bytes)
  TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
    43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 59 75 62 69 6B 65 79 34
  Category indicator byte: 59 (proprietary format)
+ TCK = D4 (correct checksum)

Possibly identified card (using /home/antonm/.cache/smartcard_list.txt):
3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
	Yubico Yubikey 4 OTP+CCID

and the only process using /dev/bus/usb/002/003 according to lsof is
pcscd itself.

Tried a couple of restarts of pcscd, gpg-agent and scdaemon with no
success. Also tried "disable-ccid" for scdaemon.conf with not much luck
either.

At this point I am stuck with debugging in further. If anything comes to
the mind will update the bug.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gnupg2 2.1.11-6ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Nov 14 22:47:15 2016
InstallationDate: Installed on 2016-05-16 (182 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: gnupg2
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: gnupg2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1641746

Title:
  gpg2: gpg2 --card-status: gpg: selecting openpgp failed: Card error

Status in gnupg2 package in Ubuntu:
  New

Bug description:
  gpg2 does not work with OpenPGP card:

  $ gpg2 --card-status 
  gpg: selecting openpgp failed: Card error
  gpg: OpenPGP card not available: Card error

  I also enabled scdaemon debug output and have the following there:

  2016-11-14 22:43:49 scdaemon[4817] listening on socket '/home/antonm/.gnupg/S.scdaemon'
  2016-11-14 22:43:49 scdaemon[4817] handler for fd -1 started
  2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_open_reader: portstr=(null)
  2016-11-14 22:43:49 scdaemon[4817] detected reader 'Yubico Yubikey 4 U2F+CCID 00 00'
  2016-11-14 22:43:49 scdaemon[4817] detected reader 'Gemalto GemPC Express 01 00'
  2016-11-14 22:43:49 scdaemon[4817] reader slot 0: not connected
  2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- GETINFO socket_name
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> D /home/antonm/.gnupg/S.scdaemon
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- OPTION event-signal=12
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- GETINFO version
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> D 2.1.11
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- SERIALNO openpgp
  2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_connect: slot=0
  2016-11-14 22:43:49 scdaemon[4817] pcsc_connect failed: sharing violation (0x8010000b)
  2016-11-14 22:43:49 scdaemon[4817] reader slot 0: not connected
  2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_connect => sw=0x10006
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> ERR 100663404 Card error <SCD>
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 <- RESTART
  2016-11-14 22:43:49 scdaemon[4817] DBG: chan_5 -> OK
  2016-11-14 22:43:49 scdaemon[4817] DBG: enter: apdu_get_status: slot=0 hang=0
  2016-11-14 22:43:49 scdaemon[4817] DBG: leave: apdu_get_status => sw=0x0 status=6 changecnt=1
  2016-11-14 22:43:49 scdaemon[4817] updating reader 0 (0) status: 0x0000->0x0006 (0->1)
  2016-11-14 22:43:49 scdaemon[4817] sending signal 12 to client 2143
  2016-11-14 22:43:50 scdaemon[4817] DBG: enter: apdu_get_status: slot=0 hang=0

  that might be the reason. The card in questions is Yubikey 4 with
  OpenPGP applet loaded, but I also tried regular OpenPGP v2 card with
  the same result.

  I also have pcscd running as I use Estonian eID card a couple of other
  smart cards too.

  systemctl status pcscd.service has the following in log:

  Nov 14 22:12:36 loki systemd[1]: Started PC/SC Smart Card Daemon.
  Nov 14 22:12:36 loki pcscd[2045]: 00000000 ifdhandler.c:144:CreateChannelByNameOrChannel() failed
  Nov 14 22:12:36 loki pcscd[2045]: 00000029 readerfactory.c:1043:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0406:libudev:0:/dev/bus/usb/002/003)
  Nov 14 22:12:36 loki pcscd[2045]: 00000006 readerfactory.c:335:RFAddReader() Yubico Yubikey 4 U2F+CCID init failed

  But pcsc_scan works and is able to recognize OpenPGP card on Yubikey:

  $ pcsc_scan 
  PC/SC device scanner
  V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau at free.fr>
  Compiled with PC/SC lite version: 1.8.14
  Using reader plug'n play mechanism
  Scanning present readers...
  0: Yubico Yubikey 4 U2F+CCID 00 00
  1: Gemalto GemPC Express 01 00

  Mon Nov 14 22:54:46 2016
  Reader 0: Yubico Yubikey 4 U2F+CCID 00 00
    Card state: Card inserted, Shared Mode, 
    ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4

  ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
  + TS = 3B --> Direct Convention
  + T0 = F8, Y(1): 1111, K: 8 (historical bytes)
    TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
      43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
    TB(1) = 00 --> VPP is not electrically connected
    TC(1) = 00 --> Extra guard time: 0
    TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
  -----
    TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
  -----
    TA(3) = FE --> IFSC: 254
    TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
  + Historical bytes: 59 75 62 69 6B 65 79 34
    Category indicator byte: 59 (proprietary format)
  + TCK = D4 (correct checksum)

  Possibly identified card (using /home/antonm/.cache/smartcard_list.txt):
  3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
  	Yubico Yubikey 4 OTP+CCID

  and the only process using /dev/bus/usb/002/003 according to lsof is
  pcscd itself.

  Tried a couple of restarts of pcscd, gpg-agent and scdaemon with no
  success. Also tried "disable-ccid" for scdaemon.conf with not much
  luck either.

  At this point I am stuck with debugging in further. If anything comes
  to the mind will update the bug.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: gnupg2 2.1.11-6ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
  Uname: Linux 4.4.0-47-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 14 22:47:15 2016
  InstallationDate: Installed on 2016-05-16 (182 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  SourcePackage: gnupg2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1641746/+subscriptions

More information about the foundations-bugs mailing list