
Re: signing commits using gpg2

On Sat, Sep 02, 2017 at 05:11:50PM -0400, shawn wilson wrote:
> tl;dr - how do I get git to use gpg2 to sign things?
> 
> I'm using gpg2 (so no agent options are configured but an agent is
> running) which is configured w/ a Nitrokey (Pro if it matters):
> 
>  % git commit -m "Initial."
> 
>                                  gits/bash-libs (master ⚡) localhost
> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel:
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel: c
> gpg: selecting openpgp failed: general error
> gpg: signing failed: general error
> gpg: signing failed: general error
> error: gpg failed to sign the data
> fatal: failed to write commit object

This seems to be an issue with your gpg agent configuration (even if
there is none). 

I can't seem to reproduce, although I don't have a nitrokey, so this is
most likely an issue with either:

- the PIV/CCID interface of the nitrokey using gpg2. I'm not familiar
  enough with nitrokeys to debug this, but keys are usually super
  paranoid when signing arbitrary buffers.
- the fork call within git on gpg2.

I think the second one is rather unlikely, but it's worth giving it a
try...

>                                                          ~ localhost
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v2
> [SNIPPED]
> -----END PGP MESSAGE-----
> 

I noticed you didn't try gpg2 -d foo.gpg? Am I missing something?

> However, if I try this w/ the old gpg:
> 
>  % gpg -ae -o foo.gpg foo
> 
>                                                          ~ localhost
>  % gpg -d foo.gpg
> 
>                                                          ~ localhost
> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel: c
> gpg: selecting openpgp failed: general error
> gpg: encrypted with 3072-bit RSA key, ID 41826CFB, created 2017-03-13
>       "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
> gpg: public key decryption failed: general error
> gpg: decryption failed: secret key not available

This feels like an issue with the interface to the key itself. Can you
start a non-detached agent with --verbose to see exactly where it blows up?

We probably want to continue this offlist as this seems more of a gpg
issue rather than git. We can always come back if we figure out this is
something git related :)

Cheers!
-Santiago.
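As an added example (not code from the thread), a small POSIX sh helper that does the isolation Santiago suggests: sign a buffer outside git with the program git would call, and classify gpg's stderr so a reader-locking failure is told apart from a git-side one. It assumes git is on PATH; the gpg flags mirror git's own invocation, and the sample text in the comments is constructed from the messages quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: triage a gpg failure during
# "git commit -S" by signing outside git with the same program git
# would call, then classifying gpg's stderr. This separates the
# card-access errors seen in the thread from a git-side problem.

# Classify gpg stderr text ($1). Prints one of:
#   card-locked    pcsc_connect sharing violation: another process
#                  (a second scdaemon/pcscd client, a browser, etc.)
#                  already holds the reader
#   no-card        the OpenPGP card application could not be selected
#   no-secret-key  no usable secret key for the requested key
#   other          anything else
classify_gpg_error() {
    if printf '%s\n' "$1" | grep -q 'pcsc_connect failed: sharing violation'; then
        echo card-locked
    elif printf '%s\n' "$1" | grep -q 'selecting openpgp failed'; then
        echo no-card
    elif printf '%s\n' "$1" | grep -q 'secret key not available'; then
        echo no-secret-key
    else
        echo other
    fi
}

# Sign a constructed buffer with git's configured gpg.program (default
# "gpg"), using the flags git itself passes (--status-fd=2 -bsau <key>).
# Returns 0 on success; on failure prints the classification to stderr.
sign_outside_git() {
    prog=$(git config --get gpg.program 2>/dev/null) || prog=gpg
    key=$(git config --get user.signingkey 2>/dev/null) || key=
    if [ -n "$key" ]; then set -- -u "$key"; else set --; fi
    # stderr is captured into $err; the signature itself is discarded
    if err=$(printf 'test\n' | "$prog" --status-fd=2 -bsa "$@" 2>&1 >/dev/null); then
        return 0
    fi
    echo "signing with $prog failed: $(classify_gpg_error "$err")" >&2
    return 1
}

# Run the live check only when asked, so the file also loads as a library.
if [ "${1:-}" = run ]; then
    sign_outside_git
fi
```

If `sign_outside_git` fails the same way as `git commit -S`, git's fork is not the culprit; if it succeeds while git fails, compare `git config gpg.program` with the binary you tested by hand.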
