Identifier of OpenPGPcard (was: Private key transfer format)
NIIBE Yutaka
gniibe at fsij.org
Thu Apr 9 18:38:23 CEST 2015
On 04/10/2015 12:17 AM, Werner Koch wrote:
> FWIW, there is a bug report that moving a key from one smart card to
> another does not update the stub file. We may want to check for
> a conflicting serial number in a stub file and either a) update the stub
> file with the new serial number or b) allow storing several serial
> numbers in one stub file. The latter would be useful if several persons
> have a smartcard with the same key and use the same box or if you create
> several smartcards for backup purposes.
I'm considering an option of not having a serial number in a stub file
at all... and... this let me consider how we (should) identify a
smartcard.
Suppose that a user doesn't (need to) recognize the serial number,
then, I think that a serial number in a stub file is only a bit useful
when GnuPG asks users to insert another smartcard when a different
smartcard is already inserted.
Suppose that a new hypothetical OpenPGPcard will be identified by a
fingerprint of the primary key or User ID, then it would be much better to
show the fingerprint (or User ID) to users.
In OpenPGP, a single primary RSA/DSA/ECC/whatever key can be used by
multiple User IDs. Considering this situation, it seems to me that a
fingerprint of the primary key should be an identifier of a smartcard
(even when all are subkeys and there is no primary key on a smartcard).
In fact, Gnuk has a feature to register its serial number by a user.
But it seems that it's only me who uses this feature. Perhaps it
suggests that people don't have a practice of recognizing the serial
number as an identifier.
Any thoughts?
--