Bug 353252

Summary: Certification fails with "Allgemeiner Fehler" (Common Failure)
Product: [Applications] kleopatra Reporter: kdefix
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: major CC: aheinecke, bjoernv, mutz
Priority: NOR    
Version: 2.2.0   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Microsoft Windows   
Latest Commit: Version Fixed In: gpg4win 3
Sentry Crash Report:

Description kdefix 2015-09-27 18:53:26 UTC 
With Windows 10 and gpg4win / kleopatra 2.2.0 I imported a certificate created with support of Yubikey Neo. I also own a yubikey certificate.

When I certify the imported certififace with my own certicate, I need to enter a pin. When I entered a pin (validity of the pin does not matter) and proceed, I get a common failure.

Reproducible: Always

Steps to Reproduce:
1. Create own yubikey-Certificate
1.1 Proceed accordingly to https://www.yubico.com/2012/12/yubikey-neo-openpgp/
2. Import a Yubikey-created certificate of a friend
2.1 Click "Import certificate"
2.2 Choose the certificate file
2.3 Click open
2.4 Click ok in the window saying that the import was successful
3. Certifiy his/her certificate
3.1 Select the imported certificate
3.2 Rightclick on it and select "certify certificate"
3.3 Select the correct certificate
3.4 Select the checkbox to say the fingerprint has been checked
3.5 Make sure Yubikey Neo is inserted
3.6 Make sure Yubikey Neo keeps glooming
3.5 Click ok
3.6 Enter correct PIN for the Yubikey NEO PGP key

Actual Results:  
After entering the pin there is a message saying "Das Zertifikat kann nicht beglaubigt werden. Fehler: Allgemeiner Fehler" (meaning: The certificate cannot be certified. Error: Common Failure)

Expected Results:  
When entering the correct pin, a message saying "Certification successful" should appear and the imported key should be certified.
Comment 1 kdefix 2015-09-29 16:44:42 UTC 
In order to check Yubikey Neo I opened a ticket at Yubico: Ticket 00012836

When signing the key in command line with gpg --sign-key, the key was signed properly.

I therefore assume that Yubikey Neo works properly.
Comment 2 kdefix 2016-02-22 21:33:04 UTC 
This behaviour could be reproduced with Windows 7
Comment 3 Andre Heinecke 2016-04-29 16:09:39 UTC 
Git commit 73dbcc6bd8609d7db57c191fbb12544eb3da1186 by Andre Heinecke.
Committed on 29/04/2016 at 16:08.
Pushed by aheinecke into branch 'Applications/16.04'.

Handle PINENTRY_LAUNCHED status in editinteractor

With GnuPG 2.1 we will get a PINENTRY_LAUNCHED status Kleopatra
would error out on this status as it was unkown.
As the status was new in gpgme 1.5.0 we guard it with an ifdef
to avoid raising the requirement. In older versions this
problem might have been caused by the option allow-pinentry-notify.

This fixes various problems in Kleopatra (adding user id's,
verifying certificates) that would fail if the passphrase/pin was
not cached.

M  +6    -0    src/editinteractor.cpp

http://commits.kde.org/gpgmepp/73dbcc6bd8609d7db57c191fbb12544eb3da1186
Comment 4 Andre Heinecke 2016-04-29 16:12:35 UTC 
I'm not sure if this fixes your problem, but I got the general error failure reliably using GnuPG2.1 under GNU/Linux. The mentioned commit fixed that.

With 2.0.x I think though that you would have to have the option "allow-pinentry-notify" in your gpg-agent.conf so this might not be your bug.

The fix mentioned above will be part of the next Gpg4win-3.0 beta, I'll try to remember to ping here once We've published that so that you may check if this fixes your issue, too.
Comment 5 kdefix 2016-04-29 16:24:25 UTC 
Thank you, I am looking forward to retest that bug.