romanz / trezor-agent

Hardware-based SSH/GPG/age agent
GNU Lesser General Public License v3.0

[gpg] Unable to init gpg identity #457

Open valebedu opened 11 months ago

valebedu commented 11 months ago

Data

Issue

When I run ledger-gpg in order to init a gpg identity, I had 2 prompts on my ledger to continue, and then after "please confirm GPG signature on LedgerNanoS for "<gpg://John Doe <john.doe@example.com>|nist256p1>"" I didn't have anything prompted on my ledger and instead got this "6b00" input, but I didn't have any message on my ledger and didn't input anything.

FYI I can use ledger-agent to generate ssh keys, it works perfectly.

Full logs:

ledger-gpg init -v "John Doe <john.doe@example.com>"
DISPLAY not defined
2023-09-25 09:33:50,321 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__init__.py:118]
2023-09-25 09:33:50,340 INFO         device name: ledger                                                                                  [__init__.py:126]
2023-09-25 09:33:50,340 INFO         GPG home directory: /Users/johndoe/.gnupg/ledger                                                        [__init__.py:131]
2023-09-25 09:33:50,352 WARNING      NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=0" commandline flag (to set the timestamp of the GPG key manually). [__init__.py:33]
HID => b001000000
HID <= 010d5353482f504750204167656e7405302e302e3801029000
HID => 8002000115058000000de05ebea48ae7be9efc2f4d65822634d6
HID <= 41048f8562ad5dd83b2c62557b38a355a08103a33f35df703f63767f354a22e83d12b3cf327323e54d5cf2d7ce438c2f95f0e7a297caf068b907f4fc62716dd73b179000
HID => b001000000
HID <= 010d5353482f504750204167656e7405302e302e3801029000
HID => 80020001150580000011e05ebea48ae7be9efc2f4d65822634d6
HID <= 410466afcfcd43f05ec2bd16cea905e7607ab23acd8a79b890bf5e7b3e854d417c1e83fef4b44077547ad97d5a804c1a53e86ae8eedb39059a2a22661e4ffcd59d7d9000
2023-09-25 09:33:55,746 INFO         creating new nist256p1 GPG primary key for "John Doe <john.doe@example.com>"                         [__init__.py:62]
2023-09-25 09:33:55,746 INFO         please confirm GPG signature on LedgerNanoS for "<gpg://John Doe <john.doe@example.com>|nist256p1>"... [client.py:32]
HID => b001000000
HID <= 010d5353482f504750204167656e7405302e302e3801029000
HID => 8008800135058000000de05ebea48ae7be9efc2f4d65822634d6ca486848c7c176834b55d2583a3b070689e506a09b1dbcbcef2a9c9332daadb6
HID <= 6b00
Traceback (most recent call last):
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/device/ledger.py", line 134, in sign
    result = bytearray(self.conn.exchange(bytes(apdu)))
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/ledgerblue/comm.py", line 157, in exchange
    raise CommException("Invalid status %04x (%s)" % (sw, possibleCause), sw, response)
ledgerblue.commException.CommException: Exception : Invalid status 6b00 (Unknown reason)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/bin/ledger-gpg", line 8, in <module>
    sys.exit(gpg_tool())
             ^^^^^^^^^^
  File "/opt/homebrew/bin/ledger_agent.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/__init__.py", line 331, in main
    return args.func(device_type=device_type, args=args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/__init__.py", line 182, in run_init
    export_public_key(device_type, args))
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/__init__.py", line 73, in export_public_key
    result = encode.create_primary(user_id=args.user_id,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/encode.py", line 39, in create_primary
    signature = protocol.make_signature(
                ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/protocol.py", line 273, in make_signature
    params = signer_func(digest=digest)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/gpg/client.py", line 38, in sign
    sig = self.device.sign(blob=digest, identity=identity)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/libagent/device/ledger.py", line 136, in sign
    raise interface.DeviceError(
libagent.device.interface.DeviceError: Error (Exception : Invalid status 6b00 (Unknown reason)) communicating with LedgerNanoS
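
The `HID =>` / `HID <=` lines in the log above are raw APDU exchanges, and decoding them shows which command the device rejected. The following is an added example, not part of the original report or of the project's code; the function names are illustrative, and the status-word table uses the generic ISO 7816-4 meanings, which is an assumption about how the Ledger app uses them.

```python
import re

# Generic ISO 7816-4 status words (assumption: the app may define its own).
STATUS_WORDS = {0x9000: "success", 0x6B00: "wrong parameters P1-P2"}

# Constructed sample: four lines copied from the log in the report above.
SAMPLE_LOG = """\
HID => b001000000
HID <= 010d5353482f504750204167656e7405302e302e3801029000
HID => 8008800135058000000de05ebea48ae7be9efc2f4d65822634d6ca486848c7c176834b55d2583a3b070689e506a09b1dbcbcef2a9c9332daadb6
HID <= 6b00
"""

def parse_command(raw: bytes) -> dict:
    """Split a short command APDU into its 5-byte header and data field."""
    if len(raw) < 5:
        raise ValueError("command APDU shorter than 5-byte header")
    cla, ins, p1, p2, lc = raw[:5]
    data = raw[5:]
    if len(data) != lc:
        raise ValueError(f"Lc={lc} but {len(data)} data bytes present")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}

def parse_response(raw: bytes) -> dict:
    """Split a response APDU into payload and trailing 2-byte status word."""
    if len(raw) < 2:
        raise ValueError("response APDU shorter than status word")
    sw = int.from_bytes(raw[-2:], "big")
    return {"data": raw[:-2], "sw": sw,
            "meaning": STATUS_WORDS.get(sw, "unknown")}

def decode_log(text: str) -> list:
    """Pair each 'HID =>' command with the 'HID <=' response that follows."""
    exchanges, pending = [], None
    for m in re.finditer(r"^HID (=>|<=) ([0-9a-fA-F]+)$", text, re.M):
        raw = bytes.fromhex(m.group(2))
        if m.group(1) == "=>":
            pending = parse_command(raw)
        elif pending is not None:
            exchanges.append((pending, parse_response(raw)))
            pending = None
    return exchanges

def failed_exchanges(text: str) -> list:
    """Return only the exchanges whose status word is not 0x9000."""
    return [(c, r) for c, r in decode_log(text) if r["sw"] != 0x9000]

if __name__ == "__main__":
    for cmd, rsp in decode_log(SAMPLE_LOG):
        print(f"INS={cmd['ins']:02x} P1={cmd['p1']:02x} P2={cmd['p2']:02x} "
              f"Lc={len(cmd['data'])} -> SW={rsp['sw']:04x} ({rsp['meaning']})")
```

On the sample, the first exchange returns the length-prefixed strings "SSH/PGP Agent" and "0.0.8", and the only failing exchange is the one with INS=08, P1=80, P2=01 carrying 53 data bytes (a 21-byte path block followed by a 32-byte digest).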

romanz commented 11 months ago

@cbouvet-ledger could you please take a look?

valebedu commented 9 months ago

@cbouvet-ledger any idea?

romanz commented 9 months ago

Pinging https://github.com/LedgerHQ/app-ssh-agent maintainers: @yhql @sgliner-ledger

romanz commented 9 months ago

@btchip Could you please help to connect us with the maintainer of the Ledger protocol to help with debugging the communication error above?