Niibe filed three bug reports on Debian Bug Tracking System. Those three fixes are needed for GnuPG 2.0.14 on Debian.
- Bug#603983: gnupg2: Signing with SHA256 by Smartcard
- Bug#603984: gnupg2: scdaemon: once error, no success any more
- Bug#603985: gnupg2: scdaemon sends SIGUSR2 to foreground gpg-agent
- See this patch, which add another check too.
All bug reports were already sent to gpg-devel mailing list.
Niibe added anothr patch for his GnuPG to enable SHA2:
Index: gnupg2-2.0.14/g10/sign.c =================================================================== --- gnupg2-2.0.14.orig/g10/sign.c 2009-09-22 01:53:51.000000000 +0900 +++ gnupg2-2.0.14/g10/sign.c 2011-01-12 13:52:50.000000000 +0900 @@ -415,24 +415,6 @@ return match_dsa_hash(qbytes); } - else if (sk->is_protected && sk->protect.s2k.mode==1002) - { - /* The sk lives on a smartcard, and current smartcards only - handle SHA-1 and RIPEMD/160. This is correct now, but may - need revision as the cards add algorithms. */ - - if(opt.personal_digest_prefs) - { - prefitem_t *prefs; - - for (prefs=opt.personal_digest_prefs;prefs->type;prefs++) - if (prefs->value==DIGEST_ALGO_SHA1 - || prefs->value==DIGEST_ALGO_RMD160) - return prefs->value; - } - - return DIGEST_ALGO_SHA1; - } else if (PGP2 && sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 ) { /* Old-style PGP only understands MD5 */
Besides, GnuPG's in stock ccid-driver (scd/ccid-driver.c) doesn't support the case of bChainParameter == 1, which Gnuk is using, thus fix is needed for the function bulk_in.