Ritlabs



PGP Card and signing e-mails

 
Hi,

Is there anybody using an OpenPGP card with The Bat? I personally have a Yubikey NEO with the GPG applet and I've found a very strange bug. The Yubikey token works fine with Gpg4win, and I'm also using the GnuPG implementation in The Bat. GnuPG works with the card as with any other private key ring. Everything works OK except one thing: signing e-mails in The Bat using PGP/MIME. With this option, the Content-Type header is missing in the part with the message. This leads to incorrect display of non-ASCII characters, HTML mails are shown as plain text, and attachments aren't recognized as attachments. When I generate a key pair in Gpg4win on the local disk, the Content-Type header is correctly added to the message. Also, using an inline PGP signature works OK even with the Yubikey.

Has anybody tried to use an OpenPGP card with The Bat? Or does anyone have any idea why signing with a card gives a different result than with a local key?
 
I bought a Yubikey Neo and will test this in the near future. I think RITLABS should work on support for the Yubikey.
 
I think I have found what is causing this issue. And it's very funny :) The Bat normally uses its own dialog for typing the passphrase for the private key. The passphrase is passed to the gpg command via the --passphrase-fd argument. The passphrase-fd argument is given the number of the file descriptor where the passphrase is written. The Bat uses standard input. And the whole message is also passed via standard input to the gpg command. With keys on disk this works: the first line on standard input is the passphrase, which gpg uses to unlock the key. It then reads the rest of standard input, which is the message. But on a PGP Card you don't have any passphrase on the key. You only have the PIN to your card. And the PIN to the card cannot be passed via the --passphrase-fd argument. The result is that when you sign a message with a key on a PGP Card and you send the passphrase-fd argument, gpg eats the first line of the message (because it thinks that this is the passphrase, which gpg won't use). In the case of PGP-MIME the first line is probably the Content-Type header, which is the reason why the header is missing... In inline PGP signing it only eats one line of the message (which I probably didn't notice in tests) but the headers are OK. Now I'm not sure who should fix this bug :) First, gpg shouldn't read passphrases for keys which don't require a passphrase. On the other hand, The Bat also shouldn't ask for a passphrase for keys which don't require it :)
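
The mechanism described in the post above, as an added example that is not part of the thread and is neither gpg nor The Bat code. `model_signer` is a hypothetical stand-in that, following the poster's explanation, consumes one line from the passphrase descriptor whenever one is given; the MIME part and passphrase are constructed sample values.

```python
import io
from email import message_from_bytes

# Constructed PGP/MIME body part (sample input, not taken from the thread).
MIME_PART = (b"Content-Type: text/html; charset=utf-8\r\n"
             b"Content-Transfer-Encoding: 8bit\r\n"
             b"\r\n"
             b"<p>caf\xc3\xa9</p>\r\n")

def model_signer(passphrase_fd, data_fd):
    """Toy stand-in for the signer (assumption, not gpg's code): whenever a
    passphrase descriptor is given it consumes one line from it, needed or
    not, then returns whatever remains on the data descriptor for signing."""
    if passphrase_fd is not None:
        passphrase_fd.readline()
    return data_fd.read()

def sign_shared_stdin(message, passphrase=None):
    """Pattern from the post: passphrase descriptor and message are both
    stdin. A card key has no passphrase, so nothing is prepended (assumed)."""
    prefix = passphrase + b"\n" if passphrase is not None else b""
    stdin = io.BytesIO(prefix + message)
    return model_signer(stdin, stdin)

def sign_separate_fd(message, passphrase=None):
    """Mitigation sketch: the passphrase gets its own descriptor, which is
    omitted entirely when the key (e.g. on a card) has no passphrase."""
    pass_fd = io.BytesIO(passphrase + b"\n") if passphrase is not None else None
    return model_signer(pass_fd, io.BytesIO(message))

def has_content_type(signed_part):
    """Sanity check on the bytes that actually reached the signer."""
    return "Content-Type" in message_from_bytes(signed_part)

if __name__ == "__main__":
    for name, fn in (("shared stdin", sign_shared_stdin),
                     ("separate fd", sign_separate_fd)):
        for key, pw in (("disk key", b"example-passphrase"), ("card key", None)):
            out = fn(MIME_PART, pw)
            print(f"{name:12} {key:8} Content-Type kept: {has_content_type(out)}")
```

Only the shared-stdin, card-key combination loses the header; a mail parser then falls back to its default type, which matches the symptom of HTML being shown as plain text.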