LedgerHQ / app-openpgp

OpenPGP Card Application
Apache License 2.0
123 stars 21 forks source link

CV25519 support is broken #84

Open michaelni opened 1 year ago

michaelni commented 1 year ago

I tried using my ledger for secure gpg key storage. And short and simple this app is just too buggy. Especially if "secure" is the goal. Now the details I tried generating ed25519/cv25519 keys on the ledger (refusing the default option of a backup). This results in 2 working ed25519 keys for signatures and authentication on the "card" but the decryption key which should be a CV25519 key. Simply doesnt work. The ledger asks for the pin and all but it fails. in the logs one sees:

operation decipher result: Card error
app_decipher failed: Card error
DBG: chan_7 -> ERR 100663404 Card error <SCD>

Then one tries this again and picks the default like probably most people do, "do the whatever backup". And that works with ed/cv25519 keys or does it? It sure looks like its working signing is perfectly fine it asks for the pin and all same as without the backup but then with decryption it works a little too well. It doesnt ask for the pin, it doesnt even need the ledger to be connected. And it keeps working if one kills all agents and caches. Yes the unencrypted private key seems simply left on the disk silently after asking the user for a password to encrypt a copy of it. And it works not all with the ledger but with the key on disk. I want to be wrong. Please someone tell me this is not so and iam an idiot and am missing something. Ohh and btw RSA4096 keys do seem to work for encryption. Iam just not sure how much i trust anything from this app anymore. I tried this with

gpg (GnuPG) 2.2.19
libgcrypt 1.8.5

and

gnupg2 (2.2.41), gnutls28 (3.7.3), gpgme1.0 (1.17.0), libassuan (2.5.5), libgcrypt20 (1.8.9)

The versions didnt make a difference

Infernogeek1 commented 1 year ago

Can confirm on gpg (GnuPG) 2.3.7 libgcrypt 1.10.1-unknown scdaemon log: https://pastebin.com/Wpy5Ahk5 gpg-agent log: https://pastebin.com/wDk3QRUK Note lines from scdaemon log

2023-03-21 01:00:27 scdaemon[2623] DBG:  response: sw=6F42  datalen=4
2023-03-21 01:00:27 scdaemon[2623] operation decipher result: Card error
2023-03-21 01:00:27 scdaemon[2623] app_decipher failed: Card error
yankeguo commented 2 months ago

I spent the whole afternoon debugging and found out it was a bug.