I've marked this as a bug because the option is offered and it's a regression
from 2.0.x / 1.x
From g10/keygen.c line 4588 (gen_card_key_with_backup):
#if ENABLE_CARD_SUPPORT && 0
/* FIXME: Move this to gpg-agent. */
I removed the not-working checkbkupkey subcommand in
44aee35e69540510617aea4b886ef845590960fe
I've tested generating an rsa2048 key with backup on a v2.0 card and it works
now. I have not tested restoring from backup etc. But as this report was about
the failed generation, this issue is resolved imo.
Thanks!
There is a regression due to the regression fix in rGb30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7 (from Dec 24 2015) or some related commits:
Now that the key is first created in RAM, then secondly stored on the card, and thirdly stored as a backup, we may run into a timeout of the Pinentry for the backup key passphrase. The result is that we have a working key on the card but no backup.
Shall we handle this with additional retry prompts, w/o a timeout? I think this makes sense because creating keys with a backup file and a passphrase is a manual task anyway.
from a UI perspective, it's not obvious that the password prompt (or pinentry in general) does have a timeout and if so how long it will wait. if pinentry was able to show a countdown of some kind, at least you wouldn't be surprised when the dialog is disappearing. i would suggest a behaviour similar to grub, which stops counting down its configured timeout as soon as you enter anything. this, combined with a warning that the key will be written without a backup if you don't react at all for a while, wouldn't really solve the issue itself, but make things much more predictable (seeing there is a timeout, which stops when you start entering a passphrase).
Got a simple fix for this which does two things:
gpg: key 24CB456488071880AD5BA98AE3A434D57CA8C17C: error receiving key from agent: Timeout - skipped
gpg: error getting secret key from agent: Timeout
Warning: Although the key has been written to the card, a backup file was not properly written to the disk. You may want to repeat the entire operation or just create a new encryption key on the card.
Key generation failed: Timeout