[Nitrokey Pro] Key gen on card results in general error

After generating keys on the card successfully a few times, it suddenly stopped working. Now I get “General Card Error” every time.

I have verified this behavior on Red Hat Enterprise Linux 7 and MacOS X 10.11.

I did a factory reset of the Nitrokey too but that didn’t help either.

Any hint?

Jan

That sounds wrong indeed. The most common issue is that GnuPG couldn’t access the device because Gnome-Keyring or some other tool is blocking the access. You can also try to execute “sudo gpg --card-status” which helps in case of wrong user permissions. If you can still not access the device you should send it back to us.

I have a similar problem. I have successfully transferred my gpg key to the Nitrokey Pro. I have two sub keys, sign and encrypt. I am able to sign, encrypt and decrypt without any problems. I now want to add an authentication sub key. I kill gnome-keyring, then open 'gpg --edit-key ', and issue the command ‘addcardkey’. This command first gives this information:
gpg> addcardkey
gpg: detected reader `Crypto Stick Crypto Stick v1.4 (000034160000000000000000) 00 00’
gpg: reader slot 0: not connected
gpg: reader slot 0: active protocol: T1
gpg: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
gpg: AID: D2 76 00 01 24 01 02 01 00 05 00 00 34 16 00 00
gpg: Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00
gpg: Version-2 …: yes
gpg: Get-Challenge …: yes (2048 bytes max)
gpg: Key-Import …: yes
gpg: Change-Force-PW1: yes
gpg: Private-DOs …: yes
gpg: Algo-Attr-Change: yes
gpg: SM-Support …: no
gpg: Max-Cert3-Len …: 2048
gpg: Max-Cmd-Data …: 2048
gpg: Max-Rsp-Data …: 2048
gpg: Cmd-Chaining …: no
gpg: Ext-Lc-Le …: yes
gpg: Status Indicator: 05
gpg: GnuPG-No-Sync …: no
gpg: GnuPG-Def-PW2 …: no
gpg: Key-Attr-sign …: RSA, n=2048, e=32, fmt=std
gpg: Key-Attr-encr …: RSA, n=2048, e=32, fmt=std
gpg: Key-Attr-auth …: RSA, n=2048, e=32, fmt=std
Signature key …: A820 56BC 3786 9058 0679 B23E 1A6E 3094 D4DD 137D
Encryption key…: BE95 128D 1E80 9936 EC6C F595 38E6 CA1A 2FB2 7956
Authentication key: [none]

Then it asks me which subkey I want to generate, I answer 3 for Authentication key. I’m then asked for Admin PIN, then PIN, and then which keysize I want, I answer that last one by accepting the default by pressing enter. I then get the following response:
Key is protected.
gpg: secret key parts are not available
gpg: Nøkkelgenerering mislyktes: generell feil (Key generation failed, general error)

Am I doing something wrong, or is it some HW error with my Nitrokey?

Knut H.

SOLUTION:
As so often, the solution is quite simple. I had to use gpg2 to start edit-key like this:
gpg2 --expert --edit-key

The addcardkey command then went smoothly.

Knut H.

Solution doesn’t apply to OP: generate key on device results in device error.

@NoiZtril For completeness: it is a general error message unfortunately. This time probably the cause is in GPG - see link.