When I received it in April, I followed some procedure to generate all 3 keys on the stick itself.
This week I wanted to really start using the stick for full disk encryption and ssh authentication.
I was following this procedure to generate some new keys: bress.net/blog/archives/203- … Guard.html
Most things worked smoothly, except for the authentication key. Importing the two keys from disk worked nicely, and I can encrypt/decrypt stuff with the key on the stick. Whenever I execute “addcardkey” it asks for the admin pin and the key pin. Then instead of generating the new authentication key, I get the following error: “secret key not available”
I can only guess that this is because the authentication key that should be overwritten belongs to a primary key that’s no longer available.
But since it should be replaced, this should not matter, right?
[code]
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
card has been reset to factory defaults
[/code]
And nothing is reset:
[code]
gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 6F5E 3DFA CE04 8173 C0DD FFE8 7D9D 3507 1B8B 9CBA
      created ....: 2012-06-06 22:47:31
Encryption key....: D954 F956 D9E2 6EAD D1F3 6807 10C6 210E 14C2 BBF6
      created ....: 2012-06-06 22:45:49
Authentication key: 8F87 E9F0 C83F F455 EB57 78BD 92ED 7B54 0E9D C08D
      created ....: 2012-04-14 20:47:55
General key info..: pub 2048R/1B8B9CBA 2012-06-06 Richard Ulrich (ulrichard) <richi@paraeasy.ch>
sec# 2048R/A0B7C771 created: 2012-06-06 expires: 2017-06-05
ssb> 2048R/14C2BBF6 created: 2012-06-06 expires: 2017-06-05
     card-no: 0005 0000115F
ssb> 2048R/1B8B9CBA created: 2012-06-06 expires: 2017-06-05
     card-no: 0005 0000115F
[/code]
Running as root didn’t change a thing. I could not reset the stick. I also tried on different computers running either Ubuntu or Debian.
But I generated an entirely new private key, and putting all the sub keys from this onto the stick worked.
I think part of the problem was that I generated the authentication subkey after I had some other sub keys already transferred to the stick.
Now that worked, but another problem appeared. Signing eMails doesn’t work anymore. I’ll open another thread for that.