Ubuntu
gnupg2 package

scdaemon timeout (suspected IPC bug): guru logs included

Bug #1979869 reported by Brett Holman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnupg2 (Ubuntu)
New
Undecided
Unassigned

Bug Description

Resetting my (YubiKey 5 NFC) PIN stopped working. I believe I was on Impish (now Jammy) when I last reset it. Based on the scdaemon logs it looks like my initial admin PIN is received and scdaemon makes a second INQUIRE NEEDPIN request for the updated password. However, scdaemon never receives a response to the second request.

$ export GPG_TTY=$(tty)
$ echo $GPG_TTY
/dev/pts/8
$ tty
/dev/pts/8
$ gpg --edit-c

Application type .: OpenPGP
PIN retry counter : 0 0 3
<snip>
gpg/card> passwd
gpg: OpenPGP card no. <snip> detected
Enter passphrase: <- hangs indefinitely

I enabled scdaemon logging in guru mode and here are the bits that look relevant to me (the last 8 lines):

2022-06-24 20:15:24 scdaemon[305860] DBG: chan_14 -> OK
2022-06-24 20:15:24 scdaemon[305860] DBG: chan_14 <- PASSWD 1
2022-06-24 20:15:24 scdaemon[305860] DBG: asking for PIN '||Please enter the PIN'
2022-06-24 20:15:24 scdaemon[305860] DBG: chan_14 -> INQUIRE NEEDPIN ||Please enter the PIN
2022-06-24 20:15:29 scdaemon[305860] DBG: chan_14 <- [ <snip> ...(<snip> byte(s) skipped) ]
2022-06-24 20:15:29 scdaemon[305860] DBG: chan_14 <- END
2022-06-24 20:15:29 scdaemon[305860] DBG: asking for PIN '|N|New PIN'
2022-06-24 20:15:29 scdaemon[305860] DBG: chan_14 -> INQUIRE NEEDPIN |N|New PIN

To me it looks like whatever is on the other end of chan_14 never received the message, because the prompt "Enter passphrase:" is never updated (I think it's supposed to say "Enter new passphrase" or similar after the second INQUIRE NEEDPIN is sent from scdaemon).

Please let me know if further information is needed. I can share more logs if required and potentially test a fix (depending on the timeline).

Obligatory:
----------

Description: Ubuntu 22.04 LTS
Release: 22.04

ii gpg-agent 2.2.27-3ubuntu2 amd64 GNU privacy guard - cryptographic agent
ii scdaemon 2.2.27-3ubuntu2 amd64 GNU privacy guard - smart card support

Brett Holman (holmanb)
summary: - scdaemon: PIN Reset Fails On Second PIN Entry (guru logs included)
+ scdaemon IPC bug: guru logs included
Revision history for this message
Brett Holman (holmanb) wrote : Re: scdaemon IPC bug: guru logs included

Is this the correct place to file the bug?

summary: - scdaemon IPC bug: guru logs included
+ scdaemon timeout (suspected IPC bug): guru logs included
Revision history for this message
Brett Holman (holmanb) wrote :

Last weekend I installed a different distro[1] on an old laptop to compare, and this bug doesn't exist there. Looks like this probably a software bug is specific to Ubuntu. I'm happy to gather any other requested information in the near future to help with resolving this bug, but since I've "solved my problem", so to say, I guess I don't care as much any more.

[1] Gentoo: it looks like 2.2.35-r1 is the version, and it only has 2 tiny patches, in case this helps: https://github.com/gentoo/gentoo/blob/master/app-crypt/gnupg/gnupg-2.2.35-r1.ebuild

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.