trustcrypto/onlykey-agent

Prompting for two different challenge codes at once

After executing onlykey-gpg init "Name <email>", the prompt for the 3 digit challenge code appears, but after pressing the first digit, I am being asked for a second, different challenge code. Typing the second digit causes the error below. Neither of the two codes is accepted; it always crashes after the second digit.

OnlyKey v2.1.2-prodc
onlykey-agent=1.1.13
lib-agent=1.0.4


$ rm .gnupg/onlykey -rf; onlykey-gpg init "Name <email>"
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
3 6 3
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
1 1 3
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: error reading key: No secret key
Traceback (most recent call last):
  File "/nix/store/4xdxhkmadnxspak0c8lhcqfc2ngx65l1-onlykey-agent-1.1.13/bin/.onlykey-gpg-wrapped", line 9, in <module>
    sys.exit(gpg_tool())
  File "/nix/store/4xdxhkmadnxspak0c8lhcqfc2ngx65l1-onlykey-agent-1.1.13/lib/python3.9/site-packages/onlykey_agent/__init__.py", line 6, in <lambda>
    gpg_tool = lambda: libagent.gpg.main(DeviceType)
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 392, in main
    return args.func(device_type=device_type, args=args)
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 226, in run_init
    check_call(keyring.gpg_command(['--homedir', homedir,
  File "/nix/store/1kswc7h6ns4658pkymcfp0j8ss11wanb-python3.9-libagent-1.0.4/lib/python3.9/site-packages/libagent/gpg/__init__.py", line 114, in check_call
    subprocess.check_call(args=args, stdin=stdin, env=env)
  File "/nix/store/j652sgyb3137c19v5vy5ziaarw5k5bf6-python3-3.9.15/lib/python3.9/subprocess.py", line 373, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/nix/store/1zxblwdng71wsl4lwwpl5gm1k533c1pi-gnupg-2.3.6/bin/gpg', '--homedir', '/home/username/.gnupg/onlykey', '--list-secret-keys', 'Name <email>']' returned non-zero exit status 2.

Hey, I wasn't able to replicate this. To use the GPG agent, you do need to set derived key challenge mode to press only.

https://docs.onlykey.io/onlykey-agent.html#setting-derived-key-user-input-mode

% onlykey-gpg init "Name <email>"
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
3 5 4
Enter the 3 digit challenge code on OnlyKey to authorize <gpg://Name <email>|ed25519>
6 3 6
gpg: inserting ownertrust of 6
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
sec   ed25519 1970-01-01 [SC]
      649BED8398B2593790FDC7DA
uid           [ultimate] Name <email>
ssb   cv25519 1970-01-01 [E]