Closed marif-thales closed 2 years ago
Hi,
Please try #32, gnupg-2.3 changed the interface.
Thanks, Alon
Hi Alon,
I have downloaded the zip file from #32, but after several attempts I was unable to install it. Can you please help me to install these changes? Currently I am using gnupg-pkcs-scd v0.9.2
What do you mean by installing it? Please clone git repo and checkout the branch.
I mean, after checking out the branch, what are the steps to create the gnupg-pkcs-scd utility? There is no configure file to run the standard steps, i.e. ./configure, make, make install
Thanks, Arif
On Mon, Sep 13, 2021, 10:17 PM Alon Bar-Lev @.***> wrote:
What do you mean by installing it? Please clone git repo and checkout the branch.
Run: autoreconf -ivf
Hi Alon,
Thanks for your help but still I am getting the below error while running ./configure.
./configure: line 7112: syntax error near unexpected token `threading'
./configure: line 7112: `PKCS11_HELPER_1_CHECK_FEATURES(threading token certificate engine_crypto)'
Below are the steps which I have followed with their output please help me to identify what is wrong.
Cloning into 'gnupg-pkcs11-scd'...
remote: Enumerating objects: 1120, done.
remote: Counting objects: 100% (39/39), done.
remote: Compressing objects: 100% (25/25), done.
remote: Total 1120 (delta 19), reused 27 (delta 14), pack-reused 1081
Receiving objects: 100% (1120/1120), 335.46 KiB | 591.00 KiB/s, done.
Resolving deltas: 100% (688/688), done.
Checking connectivity... done.
Switched to a new branch 'readkey'
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:52: installing './compile'
configure.ac:53: installing './config.guess'
configure.ac:53: installing './config.sub'
configure.ac:42: installing './install-sh'
configure.ac:42: installing './missing'
gnupg-pkcs11-scd-proxy/Makefile.am: installing './depcomp'
autoreconf: Leaving directory `.'
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define EXTENSIONS... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for m4... m4
checking whether time.h and sys/time.h may both be included... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for alarm... yes
checking for working mktime... yes
checking return type of signal handlers... void
checking for vprintf... yes
checking for _doprnt... no
checking for gettimeofday... yes
checking for memmove... yes
checking for memset... yes
checking for socket... yes
checking for strchr... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for snprintf... yes
checking for timegm... yes
checking for unsetenv... yes
checking for a sed that does not truncate output... /bin/sed
checking whether gcc is Clang... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for libgpg-error... found
checking for libassuan... found
checking for libgcrypt... found
checking for OPENSSL... yes
checking for GNUTLS... no
checking for PKCS11_HELPER... yes
./configure: line 7112: syntax error near unexpected token `threading'
./configure: line 7112: `PKCS11_HELPER_1_CHECK_FEATURES(threading token certificate engine_crypto)'
Please install pkcs11-helper-dev and try again.
I have installed the pkcs11-helper-dev package but still get the same error. I tried gnupg-pkcs11-scd-0.9.2, which is working and does not throw this error. Anything else that you can suggest to remove this error and proceed?
You are missing the m4 macro of pkcs11-helper before autoreconf is run. Please try to use this[1] packaged version.
[1] https://drive.google.com/file/d/1nCVqSYm-l8vE8vdWhk-zR2W6HVuHcKix/view?usp=sharing
Dear Alon,
With your help I finally made some progress and the "gpg --card-status" command started working, but I am still not able to create the key using the keygrip. At the end of the "gpg --expert --full-generate-key" command, it asked me to insert the card, and pressing OK prompts the same again and again, but my HSM is already plugged in. Finally key generation fails. Can you please help me to identify what is wrong? Below is the procedure which I followed.
root@marif-virtual-machine:~# gpg --card-status
gpg: WARNING: server 'scdaemon' is older than us (0.9.3_master < 2.3.2)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
Reader ...........: [none]
Application ID ...: D2760001240111503131FF422ADE1111
Application type .: OpenPGP
Version ..........: 11.50
Manufacturer .....: ?
Serial number ....: FF422ADE
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa48 rsa48 rsa48
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
root@marif-virtual-machine:~#
root@marif-virtual-machine:~# gpg-agent --server gpg-connect-agent << EOF
SCD LEARN
EOF
OK Pleased to meet you
S SERIALNO D2760001240111503131FF422ADE1111
S APPTYPE PKCS11
S KEY-FRIEDNLY F5A771B38377DF87D4B53B0372361E1062E00370 /C=In/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Auth on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEYPAIRINFO F5A771B38377DF87D4B53B0372361E1062E00370 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEY-FRIEDNLY A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Encr on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEYPAIRINFO A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEY-FRIEDNLY B1658AFE0DB150D34C15D671818C175E8E15CF25 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Sign on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
S KEYPAIRINFO B1658AFE0DB150D34C15D671818C175E8E15CF25 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
OK
root@marif-virtual-machine:~#
root@marif-virtual-machine:~# gpg --expert --full-generate-key
gpg (GnuPG) 2.3.2; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC (sign and encrypt) default
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 13
Enter the keygrip: B1658AFE0DB150D34C15D671818C175E8E15CF25

Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
Please specify how long the key should be valid.
         0 = key does not expire
Hi @marif-thales, can you please attach debug logs as you did in your first post?
Hi Alon, log1.zip
Yes, please find the debug logs attached.
Thanks @marif-thales , It is much more complex than I thought, it will take me some time to allocate time to solve it. Please consider downgrading gnupg to 2.2.x for now.
Hi Alon,
I have downloaded and installed gnupg v2.2.31 and tried. The good news is this version is working fine and I am able to create GPG keys from HSM and sign the data using HSM generated key.
root@marif-virtual-machine:~# gpg --card-status
gpg: WARNING: server 'scdaemon' is older than us (0.9.3_master < 2.2.31)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
Reader ...........: [none]
Application ID ...: D2760001240111503131FF422ADE1111
Application type .: OpenPGP
Version ..........: 11.50
Manufacturer .....: ?
Serial number ....: FF422ADE
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa48 rsa48 rsa48
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
root@marif-virtual-machine:~# gpg-agent --server gpg-connect-agent
OK Pleased to meet you
SCD LEARN
S SERIALNO D2760001240111503131FF422ADE1111
S APPTYPE PKCS11
S KEY-FRIEDNLY F5A771B38377DF87D4B53B0372361E1062E00370 /C=In/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Auth on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEYPAIRINFO F5A771B38377DF87D4B53B0372361E1062E00370 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEY-FRIEDNLY A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Encr on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEYPAIRINFO A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEY-FRIEDNLY B1658AFE0DB150D34C15D671818C175E8E15CF25 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Sign on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
S KEYPAIRINFO B1658AFE0DB150D34C15D671818C175E8E15CF25 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
OK
^C
root@marif-virtual-machine:~# gpg --expert --full-generate-key
gpg (GnuPG) 2.2.31; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 13
Enter the keygrip: B1658AFE0DB150D34C15D671818C175E8E15CF25

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
Please specify how long the key should be valid.
         0 = key does not expire
You are missing the m4 macro of pkcs11-helper before autoreconf is run. Please try to use this[1] packaged version. [1] https://drive.google.com/file/d/1nCVqSYm-l8vE8vdWhk-zR2W6HVuHcKix/view?usp=sharing
Hi Alon, Please confirm if this packaged version from google drive is right gnu-pkcs11-scd candidate to work with gnupg v2.2.31
I do not understand... at comment https://github.com/alonbl/gnupg-pkcs11-scd/issues/31#issuecomment-929825145 you wrote that something is working, probably latest release. Why are you taking anything from drive? What is currently missing?
Hi Alon,
I am talking about "gnupg-pkcs11-scd-0.9.3_master.tar.bz2", which has the fix and is working, but I downloaded it from the drive link shared by you. The question is where we can get this v0.9.3, because the official site for gnu-pkcs11-scd has latest v0.9.2: https://github.com/alonbl/gnupg-pkcs11-scd/releases/ The above URL shows v0.9.2 is the latest release; however, this version has the issue which I reported, and the fix is in v0.9.3. Remember I tried to download the code from the github URL "https://github.com/alonbl/gnupg-pkcs11-scd.git" master branch and switched to the "readkey" branch. However, I was not able to install it due to some "m4 macro of pkcs11-helper" issue, and you sent me the packaged version via drive.
So the question is where do we get the packaged v0.9.3 which has the fix but not available to download.
Please download and use 0.9.2 using gnupg-2.2, it should work.
Hi,
Would you like to test #32, which should work with gnupg-2.3?
The pkcs11-helper issue you have is due to missing /usr/share/aclocal/pkcs11-helper-1.m4; please make sure your build system installs the file and aclocal has access to the file before running autoreconf.
Hi @marif-thales, Can you please test this to see if it works? Thanks, Alon
Hi Alon,
Yes we have tested readkey with gnupg 2.3.x latest version available and it is working. Can you please let me know when you are planning to release next version of gnupg-pkcs11-scd which includes these fixes. We will update our integration guide accordingly. Thank you so much for all your help. Much Appreciated. Thanks, Arif
Thank you for testing. I will release a new version as soon as I release a new version of pkcs11-helper.
I just wanted to let you know it works for me as well. I recently upgraded to Fedora 35, which brought gnupg-2.3 and broke my yubikey/smartcard integration with it. With this patch everything seems to work just fine. Also it seems to have fixed my issue in https://github.com/alonbl/gnupg-pkcs11-scd/issues/37; not sure if this is a coincidence or if something else in the f35 upgrade had anything to do with it.
Thank you for all, I will appreciate feedback of https://github.com/alonbl/pkcs11-helper/tree/always-auth branch with the https://github.com/alonbl/gnupg-pkcs11-scd/tree/pincache branch before release. Thanks,
Should work with gnupg-pkcs11-scd-0.9.3
Hi Alonbl,
I am integrating GPG with a Thales Luna HSM, but when I run the command "gpg --card-status" it fails with an error, and when I try to generate the key it returns "no key with this keygrip". However, keys are available on the HSM partition, and the "gpg-agent --server gpg-connect-agent" command shows all the available keys on the HSM partition. Below are the steps and also all my related configuration files for reference.
root@marif-virtual-machine:~# pkcs11-tool --module /usr/safenet/lunaclient/lib/libcklog2.so -T
Available slots:
Slot 0 (0x1): Net Token Slot
  token label        : INTG_Par01
  token manufacturer : Safenet, Inc.
  token model        : LunaSA 7.7.0
  token flags        : rng, login required, PIN initialized, token initialized, other flags=0x20
  hardware version   : 0.0
  firmware version   : 7.7
  serial num         : 1312109861420
root@marif-virtual-machine:~# gpg --version
gpg (GnuPG) 2.3.2
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed
root@marif-virtual-machine:~# gpg --card-status
gpg: WARNING: server 'scdaemon' is older than us (0.9.2 < 2.3.2)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: OpenPGP card not available: No inquire callback in IPC
root@marif-virtual-machine:~# gpg-agent --server gpg-connect-agent
OK Pleased to meet you
SCD LEARN
S SERIALNO D2760001240111503131FF422ADE1111
S APPTYPE PKCS11
S KEY-FRIEDNLY F5A771B38377DF87D4B53B0372361E1062E00370 /C=In/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Auth on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEYPAIRINFO F5A771B38377DF87D4B53B0372361E1062E00370 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEY-FRIEDNLY A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Encr on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEYPAIRINFO A331F253E198DB0C2ADB1B73749B4B5E4C0C4CC8 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/B1308321E2CBA6CE5C516A3FB6AE8AD7
S KEY-FRIEDNLY B1658AFE0DB150D34C15D671818C175E8E15CF25 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Sign on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
S KEYPAIRINFO B1658AFE0DB150D34C15D671818C175E8E15CF25 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
OK
^C
root@marif-virtual-machine:~# vi ~/.gnupg/gnupg-pkcs11-scd.conf
root@marif-virtual-machine:~# gpg --expert --full-generate-key
gpg (GnuPG) 2.3.2; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC (sign and encrypt) default
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 13
Enter the keygrip: B1658AFE0DB150D34C15D671818C175E8E15CF25
No key with this keygrip
Enter the keygrip:

gpg-files.zip
Please help us to find what we are missing or doing wrong, so that GPG is not able to get the keys from the HSM partition where the keys are available.
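The "No key with this keygrip" prompt above is only diagnosable once you can confirm that the keygrip being typed is one that scdaemon actually announced in its `SCD LEARN` status lines. The script below (an added example for this page, not part of gnupg-pkcs11-scd or GnuPG) parses the `S KEY-FRIEDNLY` and `S KEYPAIRINFO` lines that `gpg-connect-agent` prints into a keygrip table and checks a candidate keygrip against it. The sample input is constructed from two of the keys quoted in this issue; `KEY-FRIEDNLY` is kept with the spelling that appears in the log.

```shell
#!/bin/sh
# Added example, not project code: list the keygrips scdaemon advertised in
# "SCD LEARN" output and verify a keygrip before typing it at gpg's
# "Enter the keygrip:" prompt (option 13, "Existing key").

# learned_keys : read Assuan status lines on stdin and print one
# "<keygrip> <label>" line per KEYPAIRINFO entry. KEY-FRIEDNLY (spelling as
# in the log) carries the human-readable label for the same keygrip.
learned_keys() {
    awk '
        $1 == "S" && $2 == "KEY-FRIEDNLY" {
            label[$3] = $4
            for (i = 5; i <= NF; i++) label[$3] = label[$3] " " $i
        }
        $1 == "S" && $2 == "KEYPAIRINFO" { grips[n++] = $3 }
        END {
            for (i = 0; i < n; i++)
                print grips[i], ((grips[i] in label) ? label[grips[i]] : "(no label)")
        }
    '
}

# keygrip_known GRIP : exit 0 if GRIP was announced in a KEYPAIRINFO line on
# stdin, 1 otherwise (comparison is case-insensitive; gpg prints upper-case).
keygrip_known() {
    learned_keys | awk -v g="$1" '
        toupper($1) == toupper(g) { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample, copied from the SCD LEARN output quoted in this issue
# (two of the three keys), so the example runs without an HSM attached.
SAMPLE_LEARN='OK Pleased to meet you
S SERIALNO D2760001240111503131FF422ADE1111
S APPTYPE PKCS11
S KEY-FRIEDNLY F5A771B38377DF87D4B53B0372361E1062E00370 /C=In/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Auth on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEYPAIRINFO F5A771B38377DF87D4B53B0372361E1062E00370 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/DDD943EC192D40F4DA84B039A1ED9975
S KEY-FRIEDNLY B1658AFE0DB150D34C15D671818C175E8E15CF25 /C=IN/ST=UPST/L=Noida/O=Thales/OU=HSM/CN=GPG-Sign on INTG_Par01
S CERTINFO 101 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
S KEYPAIRINFO B1658AFE0DB150D34C15D671818C175E8E15CF25 Safenet\x2C\x20Inc\x2E/LunaSA\x207\x2E7\x2E0/1312109861420/INTG_Par01/C9B4CB811F29A17F7FD9C00DFFF2D37E
OK'

# Stand-alone usage on the sample:  sh keygrips.sh --demo
# Against a live agent, feed real output instead:
#   gpg-connect-agent 'SCD LEARN' /bye | learned_keys
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LEARN" | learned_keys
    if printf '%s\n' "$SAMPLE_LEARN" | keygrip_known B1658AFE0DB150D34C15D671818C175E8E15CF25; then
        echo "keygrip advertised by scdaemon"
    fi
fi
```

If a keygrip passes this check and gpg still answers "No key with this keygrip", the problem is between gpg and scdaemon (the version mismatch discussed in this thread), not a wrong keygrip; if it fails, the keygrip itself is the thing to correct.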