Gnupg keeps querying card, even if key in question is unrelated to key on card #196

Open
intr-cx opened this issue Dec 13, 2023 · 4 comments


intr-cx commented Dec 13, 2023

Been noticing for a while now that GnuPG keeps querying my smart card when I try to decrypt anything at all, even with keys that are not stored on the card. This is not a huge problem, but it gets quite annoying when working with large batches of encrypted files (emails or password files, for example), because it takes about a second per decryption operation and it causes unnecessary strain on the device.

This does not occur with the Nitrokey Pro 2. It'll query it once, and then leave it alone.

I've tried running scdaemon with verbose logging and found this:

scdaemon[12887] DBG: chan_7 -> S SERIALNO <redacted>
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- SERIALNO
scdaemon[12887] sending signal 12 to client 12885
scdaemon[12887] DBG: chan_7 -> S SERIALNO <redacted>
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- KEYINFO --list=encr
scdaemon[12887] reading public key failed: Missing item in object
scdaemon[12887] DBG: chan_7 -> S KEYINFO <redacted> T <redacted> OPENPGP.2 e
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- RESTART
scdaemon[12887] DBG: chan_7 -> OK

  • Nitrokey 3A NFC v1.6.0 (but this happened on v1.5.x too)
  • gpg (GnuPG) 2.4.3
  • libgcrypt 1.10.3-unknown
  • pcsc-lite version 2.0.1. (not sure if relevant)
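
To quantify how often the card is queried over a batch of decryptions, a scdaemon debug log like the one quoted above can be split into request rounds. This is an added example, not part of the issue thread or of the GnuPG or Nitrokey code; it assumes the log format shown in the report, reads `<-` as a command received by scdaemon from its client, and runs on a constructed sample log.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted in the report.
SAMPLE_LOG = """\
scdaemon[12887] DBG: chan_7 <- SERIALNO
scdaemon[12887] sending signal 12 to client 12885
scdaemon[12887] DBG: chan_7 -> S SERIALNO <redacted>
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- KEYINFO --list=encr
scdaemon[12887] reading public key failed: Missing item in object
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- RESTART
scdaemon[12887] DBG: chan_7 -> OK
scdaemon[12887] DBG: chan_7 <- SERIALNO
scdaemon[12887] DBG: chan_7 <- KEYINFO --list=encr
scdaemon[12887] reading public key failed: Missing item in object
scdaemon[12887] DBG: chan_7 <- RESTART
scdaemon[12887] DBG: chan_7 <- SERIALNO
"""

LINE = re.compile(r"^scdaemon\[\d+\] DBG: chan_\d+ (<-|->) (\S+)")

def parse_rounds(text):
    """Split the log into request rounds; a client RESTART closes a round."""
    rounds, current = [], {"commands": [], "errors": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m is None:
            # Non-protocol lines: keep only the ones reporting a failure.
            if "failed" in line:
                current["errors"].append(line.split("] ", 1)[-1])
            continue
        direction, word = m.groups()
        if direction != "<-":        # "->" is scdaemon's reply, not a query
            continue
        if word == "RESTART":
            rounds.append(current)
            current = {"commands": [], "errors": []}
        else:
            current["commands"].append(word)
    if current["commands"] or current["errors"]:
        rounds.append(current)       # log ended in the middle of a round
    return rounds

def summarize(rounds):
    """Totals across rounds: how many, which commands, how many failures."""
    return {"rounds": len(rounds),
            "commands": Counter(c for r in rounds for c in r["commands"]),
            "errors": sum(len(r["errors"]) for r in rounds)}
```

Comparing the number of rounds with the number of files decrypted shows whether the card is being queried once per session or once per operation.
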
@sosthene-nitrokey
Collaborator

Thank you for the report!

Do your NK3 and the Pro 2 have keys stored on them?

From my testing, gpg polls the device if there is no key in it, but if there is a key in it, it does not poll.

Author

intr-cx commented Dec 14, 2023 via email

Author

intr-cx commented Dec 14, 2023

So, I'm an idiot. The reason it's doing this is because the key on the NK3 was set as the default signing key...

Sorry for wasting your time.

@intr-cx intr-cx closed this as completed Dec 14, 2023
Author

intr-cx commented Feb 5, 2024

The issue resurfaced; it seems the default signing key setting had no effect.

Using pcscd, the Nitrokey gets queried (and blinks) for any decryption operation, even with keys that are not on the Nitrokey. The issue is that it slows down all PGP decryption operations whenever the Nitrokey is plugged in.

@intr-cx intr-cx reopened this Feb 5, 2024