Hi, I have problems using gpg with a smartcard for ssh auth.
pinentry is working with smartcard and authentication works, but when using gpg agent, it fails.
gpg-agent.conf looks like this:
pinentry-program /opt/homebrew/bin/pinentry-mac
enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200
log-file /Users/axel/.gnupg/gpg-agent.log
verbose
debug-level guru
When I run a clearsign test:
echo "Test" | gpg --clearsign
I am getting this error:
gpg: Beglaubigung fehlgeschlagen: Zeitüberschreitung
gpg: [stdin]: clear-sign failed: Zeitüberschreitung
English:
gpg: Verification failed: timed out
gpg: [stdin]: clear-sign failed: timed out
The same happens when I connect over SSH to my server where the public key is stored and I enter the PIN in the pinentry prompt:
debug1: Offering public key: cardno:00_000_000 ECDSA SHA256: XXX1 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: cardno:00_000_000 RSA XXX2 agent
debug1: Server accepts key: cardno:00_000_000 RSA SHA256:XXX2 agent
sign_and_send_pubkey: signing failed for RSA "cardno:00_000_000" from agent: agent refused operation
(I changed cardno to 00_000_000 and SHA to XXX1 and XXX2 for security reasons)
There is an error with signing, but I don’t know what exactly the error is. Also, when I enter a wrong PIN in pinentry, it gives me a “false pin” error, so I assume that the agent is communicating with pinentry.
I am working with the latest versions of pinentry and gnupg on a Mac M2.
Thanks for any help