Open ViZiD opened 1 month ago
Please provide steps to reproduce it, including the generation of the ed25519 key on localhost.
```sh
export IDENTITY="johh locke <johh@locke.me>"
export EXPIRATION=2y
# primary key: certify-only, never expires
gpg --pinentry-mode=loopback --quick-generate-key "$IDENTITY" ed25519 cert never
# fingerprint of the primary key just created
export KEYFP=$(gpg -k --with-colons "$IDENTITY" | awk -F: '/^fpr:/ { print $10; exit }')
# sign / encrypt / authenticate subkeys
gpg --pinentry-mode=loopback --quick-add-key "$KEYFP" ed25519 sign "$EXPIRATION"
gpg --pinentry-mode=loopback --quick-add-key "$KEYFP" cv25519 encr "$EXPIRATION"
gpg --pinentry-mode=loopback --quick-add-key "$KEYFP" ed25519 auth "$EXPIRATION"
```
```
gpg --edit-key "$KEYFP"
Secret key is available.

sec  ed25519/0x54C046F05B051A89
     created: 2024-09-28  expires: never       usage: C
     trust: ultimate      validity: ultimate
ssb  ed25519/0xE7FA1A03722683A8
     created: 2024-09-28  expires: 2026-09-28  usage: S
ssb  cv25519/0xFC452AADEE3DC41F
     created: 2024-09-28  expires: 2026-09-28  usage: E
ssb  ed25519/0x4D7D7CDA4128AC7E
     created: 2024-09-28  expires: 2026-09-28  usage: A
[ultimate] (1). johh locke <johh@locke.me>

gpg> key 1

sec  ed25519/0x54C046F05B051A89
     created: 2024-09-28  expires: never       usage: C
     trust: ultimate      validity: ultimate
ssb* ed25519/0xE7FA1A03722683A8
     created: 2024-09-28  expires: 2026-09-28  usage: S
ssb  cv25519/0xFC452AADEE3DC41F
     created: 2024-09-28  expires: 2026-09-28  usage: E
ssb  ed25519/0x4D7D7CDA4128AC7E
     created: 2024-09-28  expires: 2026-09-28  usage: A
[ultimate] (1). johh locke <johh@locke.me>

gpg> keytocard
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 1
```
```
# move cv25519 key
gpg --edit-key "$KEYFP"
Secret key is available.

sec  ed25519/0x54C046F05B051A89
     created: 2024-09-28  expires: never       usage: C
     trust: ultimate      validity: ultimate
sub  ed25519/0xE7FA1A03722683A8
     created: 2024-09-28  expires: 2026-09-28  usage: S
ssb  cv25519/0xFC452AADEE3DC41F
     created: 2024-09-28  expires: 2026-09-28  usage: E
ssb  ed25519/0x4D7D7CDA4128AC7E
     created: 2024-09-28  expires: 2026-09-28  usage: A
[ultimate] (1). johh locke <johh@locke.me>

gpg> key 2

sec  ed25519/0x54C046F05B051A89
     created: 2024-09-28  expires: never       usage: C
     trust: ultimate      validity: ultimate
sub  ed25519/0xE7FA1A03722683A8
     created: 2024-09-28  expires: 2026-09-28  usage: S
ssb* cv25519/0xFC452AADEE3DC41F
     created: 2024-09-28  expires: 2026-09-28  usage: E
ssb  ed25519/0x4D7D7CDA4128AC7E
     created: 2024-09-28  expires: 2026-09-28  usage: A
[ultimate] (1). johh locke <johh@locke.me>

gpg> keytocard
Please select where to store the key:
   (2) Encryption key
Your selection? 2
```
Are you using the EdDSA branch?

> Are you using the EdDSA branch?

Hi, no, I use the 2.2 version from the release page.

> Are you using the EdDSA branch?

I tried the eddsa branch, and it works ;-)
I have keys.

After trying to move the subkeys to the card, the card is no longer detected in gnupg...

pcsc_scan log after the card broke:
```
Scanning present readers...
Waiting for the first reader...
found one
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID [Pico Key CCID Interface] (DE6270431F522A2B) 00 00

Sat Sep 28 07:13:38 2024
 Reader 0: Yubico YubiKey OTP+FIDO+CCID [Pico Key CCID Interface] (DE6270431F522A2B) 00 00
  Event number: 0
  Card state: Card inserted,
  ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C

ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
  TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 F5 73 C0 01 60 00 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: F5
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - BER-TLV data objects available in EF.DIR
        - BER-TLV data objects available in EF.ATR
        - EF.DIR and EF.ATR access services: by GET DATA command
        - Card without MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 01
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 60
        - Extended Lc and Le fields
        - RFU (should not happen)
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)
+ TCK = 1C (correct checksum)

Possibly identified card (using /nix/store/qd5x13g2kqlaj3rf5d6rvpdnbym3x9s1-pcsc-tools-1.7.2/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
	OpenPGP Card V3
```

I tried moving RSA keys; that works normally.
I use the waveshare rp2040 one, firmware version 2.2.
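An added example, not code from the issue or from the project: a small decoder for the ISO 7816-3 ATR that pcsc_scan printed in the log above, so the TCK checksum and the compact-TLV historical bytes that pcsc-tools used to identify the card can be re-checked without pcsc-tools. The ATR string is copied from the log; the function names are my own.

```python
# Added example, not code from the issue or the project: decode the ISO 7816-3 ATR
# that pcsc_scan printed above. The ATR string is copied from the log; the function
# names are my own.
ATR_FROM_LOG = "3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C"

def parse_atr(hex_atr: str) -> dict:
    """Return interface bytes, offered protocols, historical bytes and TCK validity."""
    data = bytes.fromhex(hex_atr)
    if data[0] not in (0x3B, 0x3F):                 # TS: direct or inverse convention
        raise ValueError(f"unexpected TS byte {data[0]:#04x}")
    k, y = data[1] & 0x0F, data[1] >> 4             # T0: K historical bytes, Y(1) presence bits
    i, n, interface, protocols = 2, 1, [], []
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                interface.append((f"{name}({n})", data[i]))
                if name == "TD":
                    td = data[i]
                i += 1
        if td is None:                              # no TD(n): interface bytes end here
            break
        protocols.append(td & 0x0F)                 # low nibble of TD(n) names protocol T
        y, n = td >> 4, n + 1                       # high nibble is Y(n+1)
    historical = data[i:i + k]
    i += k
    tck_ok = None
    if any(p != 0 for p in protocols):              # TCK present unless only T=0 is offered
        xor = 0
        for b in data[1:i]:                         # XOR of T0 .. last historical byte
            xor ^= b
        tck_ok = xor == data[i]
    return {"interface": interface, "protocols": protocols,
            "historical": historical, "tck_ok": tck_ok}

def compact_tlv(historical: bytes) -> dict:
    """Split category-00 historical bytes into {tag: value}; last 3 bytes are the status indicator."""
    if historical[0] != 0x00:
        raise ValueError("only category indicator 00 (compact TLV) is handled here")
    body, status, objs, i = historical[1:-3], historical[-3:], {}, 0
    while i < len(body):
        tag, length = body[i] >> 4, body[i] & 0x0F  # compact TLV: one byte holds tag and length
        objs[tag] = body[i + 1:i + 1 + length]
        i += 1 + length
    objs["status"] = status                         # LCS 00, SW 90 00 in the log
    return objs
```

For the ATR in the log it reports protocols [1, 1, 15], a valid TCK, and tags 3 and 7 in the historical bytes, which matches the pcsc_scan decode line by line.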