[pkg-gnupg-maint] missing feature in gnupg1 (1.4.21-3)

Micha Borrmann micha.borrmann at syss.de
Thu Mar 16 16:56:35 UTC 2017


I've created some logs and found no error in them. Well, I've read them with

/bin/cat $log

in my initramfs and the screen buffer was not able to display all lines. However, I've now found an error message, which may be the source to solve my problem (but it is not directly related to GnuPG).

These lines are from /lib/cryptsetup/scripts/decrypt_gnupg_sc

        echo "Performing GPG key decryption ..." >&2
        ls -l /dev/tty >&2
        ls -l /dev/console >&2
        /usr/bin/gpg2 --card-status >&2
        if ! /lib/cryptsetup/askpass \
                "Enter smartcard PIN or passphrase for key $1: " | \
                /usr/bin/gpg2 --quiet --batch --homedir "$(dirname $1)" \
                --trustdb-name /dev/null --pinentry-mode=loopback --passphrase-fd 0 --decrypt $1; then
                return 1
        fi

Booting my machine, I've seen the following

#####
Performing GPG key decryption ...
crw-rw-rw-	1 0	0		5,	0 Mar 16 16:47 /dev/tty
crw-------	1 0	0		5,	1 Mar 16 16:47 /dev/console
gpg: cannot open /dev/tty': No such device or address
Reader ...........: 058F:9540:X:0
Application ID ...: D2760001240102010005000045EC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 000045EC
Name of cardholder: Micha Borrmann
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa2048 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 481
Signature key ....: F2E7 C6A5 9950 84ED 7AD6  0DD4 EDBE 26E7 14EA 5876
      created ....: 2016-02-17 15:26:16
Encryption key....: ADB2 069E 7A1A 6558 2966  47A1 4E81 F234 C254 AF58
      created ....: 2016-02-17 15:26:16
Authentication key: EEE0 138F C87E 164B E6D8  3ED9 3768 D170 FA56 C0D6
      created ....: 2016-02-17 15:26:16
General key info..: Enter smartcard PIN or passphrase for key /etc/keys/cryptkey.gpg:
#####

Why can gpg not open /dev/tty? This may be the problem.

Thanks again for hints,

Micha Borrmann


Am 15.03.2017 um 19:10 schrieb Daniel Kahn Gillmor:
> On Wed 2017-03-15 08:35:50 -0400, Micha Borrmann wrote:
>> thanks for this idea. Is there an example setup howto configure an IP
>> stack within initramfs?
> 
> an initramfs is no different than a regular linux machine -- it just has
> no disk-backed filesystems.
> 
> that said, i suspect it'd be simpler to log everything to a file inside
> the initramfs and just inspect it directly.
> 
>     --dkg
> 

- -- 
Micha Borrmann                   Tel: +49 7071 407856-16
Senior IT-Security Consultant    Fax: +49 7071 407856-19
SySS GmbH                      Handy: +49 173  51 288 67
Wohlboldstraße 8              E-Mail: micha.borrmann at syss.de
72072 Tübingen                 https://www.syss.de
Key fingerprint = F2E7 C6A5 9950 84ED 7AD6  0DD4 EDBE 26E7 14EA 5876

Geschäftsführer: Sebastian Schreiber
Registergericht: Amtsgericht Stuttgart / HRB 382420
Steuernummer:    86118 / 55809
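
The `ls -l /dev/tty` line in the debug output above shows only that the device node exists; opening `/dev/tty` fails with ENXIO ("No such device or address") when the calling process has no controlling terminal. The following is an added example, not part of the original message or of the cryptsetup scripts, that reports this condition from a POSIX shell. The function names are made up for the example, and the `/proc/<pid>/stat` field layout is the one documented in proc(5).

```shell
#!/bin/sh
# Added example (not part of decrypt_gnupg_sc): report whether the calling
# shell has a controlling terminal. Function names are hypothetical.

# Print tty_nr, field 7 of a /proc/<pid>/stat line passed as $1.
# Field 2 (comm) is parenthesised and may itself contain spaces or ')',
# so drop everything up to the last ") " before splitting on whitespace.
tty_nr_from_stat() {
    rest=${1##*") "}          # "state ppid pgrp session tty_nr ..."
    set -- $rest
    echo "$5"
}

# Decode tty_nr as documented in proc(5): major in bits 15-8,
# minor in bits 31-20 and 7-0. A value of 0 means no controlling terminal.
describe_tty_nr() {
    if [ "$1" -eq 0 ]; then
        echo none
    else
        echo "$(( ($1 >> 8) & 255 )):$(( ($1 & 255) | (($1 >> 12) & 1048320) ))"
    fi
}

# True if /dev/tty can be opened. The subshell keeps a failed redirection
# from aborting a non-interactive POSIX shell.
can_open_tty() {
    ( : </dev/tty ) 2>/dev/null
}

# Write both findings to stderr, like the debug lines in the script above.
ctty_report() {
    if [ -r "/proc/$$/stat" ]; then
        read -r stat_line <"/proc/$$/stat" || :
        nr=$(tty_nr_from_stat "$stat_line")
        echo "controlling tty (major:minor): $(describe_tty_nr "$nr")" >&2
    fi
    if can_open_tty; then
        echo "/dev/tty: open ok" >&2
    else
        node=$([ -c /dev/tty ] && echo present || echo missing)
        echo "/dev/tty: open failed (device node $node)" >&2
    fi
}

ctty_report
```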



