segfault when running addcardkey for OpenPGP smartcard

Bug #78120 reported by Fredrik Wendt
Affects Status Importance Assigned to Milestone
gnupg (Ubuntu)

Bug Description

Binary package hint: gnupg

I'm trying to follow the instructions on but I'm stuck on 4.2.2 - generate auth, sig and enc subkeys for my OpenPGP card.
I've had three results (in this order):
- success (took 12 seconds to generate key and write it to the card)
- segfault (see attached crash-file)
- non fatal errors (see below, last two lines show I'm running a swedish sv_SE locale)

Key expires at fre 26 jan 2007 21.54.27 CET
Is this correct? (y/N) y
Really create? (y/N) y
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: pcsc_transmit failed: not transacted (0x80100016)
gpg: apdu_send_simple(0) failed: general error
gpg: generating key failed
gpg: key generation failed: allmänt fel
gpg: Nyckelgenereringen misslyckades: allmänt fel

I'm using packages from efty.
ii gnupg 1.4.3-2ubuntu3.2
ii libpcsclite1 1.3.1-2
ii opensc 0.11.1-1

The card reader is a
  bcdUSB 2.00
  idVendor 0x04e6 SCM Microsystems, Inc.
  idProduct 0x5115 SCR335 SmartCard Reader

Revision history for this message
Fredrik Wendt (fredrik-wendt) wrote :

Attaching the crash file that was generated.

Revision history for this message
Jussi Kukkonen (jku) wrote : Confirming on Edgy

I can confirm this exact behaviour on Edgy: There are three possible outcomes to a 'addcardkey' command:
- error (exactly same as original poster)
- segfault (this actually comes after the key generation succeeds -- the results aren't saved in the keyring though)
- success (this is rare, very rare)

My card reader info:
* idVendor 0x04e6 SCM Microsystems, Inc.
* idProduct 0x5116 SCR331-LC1 SmartCard Reader

This may be of interest:

Revision history for this message
Jussi Kukkonen (jku) wrote : work-around

A work-around: Instead of using 'addcardkey', use first 'addkey' and then 'keytocard'. This worked flawlessly for me.

Some notes:
- use 1024 bit RSA (encrypt only), for the encryption key
- use 1024 bit RSA (sign only), for the signature and auth keys
- select the new sub key before 'keytocard' -- otherwise you'll end up putting your master key on the card

Changed in gnupg:
status: New → Confirmed
Revision history for this message
Daniel Leidert (dleidert-deactivatedaccount) wrote :

Is this still present in gnupg 1.4.9?

Thijs Kinkhorst (kink)
Changed in gnupg (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for gnupg (Ubuntu) because there has been no activity for 60 days.]

Changed in gnupg (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers