Niibe filed three bug reports in the Debian Bug Tracking System. These three fixes are needed for GnuPG 2.0.14 on Debian.
- Bug#603983: gnupg2: Signing with SHA256 by Smartcard
- Bug#603984: gnupg2: scdaemon: once error, no success any more
- Bug#603985: gnupg2: scdaemon sends SIGUSR2 to foreground gpg-agent
- See this patch, which adds another check too.
All bug reports were already sent to the gpg-devel mailing list.
Niibe added another patch for his GnuPG to enable SHA2:
Index: gnupg2-2.0.14/g10/sign.c
===================================================================
--- gnupg2-2.0.14.orig/g10/sign.c 2009-09-22 01:53:51.000000000 +0900
+++ gnupg2-2.0.14/g10/sign.c 2011-01-12 13:52:50.000000000 +0900
@@ -415,24 +415,6 @@
return match_dsa_hash(qbytes);
}
- else if (sk->is_protected && sk->protect.s2k.mode==1002)
- {
- /* The sk lives on a smartcard, and current smartcards only
- handle SHA-1 and RIPEMD/160. This is correct now, but may
- need revision as the cards add algorithms. */
-
- if(opt.personal_digest_prefs)
- {
- prefitem_t *prefs;
-
- for (prefs=opt.personal_digest_prefs;prefs->type;prefs++)
- if (prefs->value==DIGEST_ALGO_SHA1
- || prefs->value==DIGEST_ALGO_RMD160)
- return prefs->value;
- }
-
- return DIGEST_ALGO_SHA1;
- }
else if (PGP2 && sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
{
/* Old-style PGP only understands MD5 */
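Review bot: Deleting the whole sk->protect.s2k.mode==1002 branch lifts the SHA-1/RIPEMD-160 restriction for every smartcard key, not only for cards that can sign with SHA2. The removed comment says the restriction "may need revision as the cards add algorithms", so a card that still handles only SHA-1 and RIPEMD/160 now falls through to the later branches and may be asked to sign with a digest it cannot handle. Consider keeping the branch and widening the accepted digests, or making the choice depend on what the card supports, instead of dropping it. If the removal stays, a comment at this point should record why smartcard keys are no longer special-cased.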
Besides, GnuPG's stock ccid-driver (scd/ccid-driver.c) doesn't support the case of bChainParameter == 1, which Gnuk uses, so a fix is needed in the function bulk_in.