Label of OpenPGPcard (was: Identifier of OpenPGPcard)

NIIBE Yutaka gniibe at fsij.org
Fri Apr 10 02:23:11 CEST 2015


On 04/10/2015 01:45 AM, Kristian Fiskerstrand wrote:
> And how would you differentiate in the case you have one smartcard
> with the primary key only kept securely and one smartcard for daily
> use with subkeys only?

Thank you for this use case.  I didn't consider this specific case.

No, it is not possible to differentiate by an identifier in this case.
Well, I shouldn't call it identifier, perhaps.  Let me call it label.

In the case of a primary-key-only smartcard and a subkeys-only smartcard
under the same primary key, it will be obvious whether each smartcard
has the information needed (primary key, or subkey) or not.  A user
can examine this with gpg --card-status.

Let me rephrase the questions:

    (1) What kind of information should be there in a stub when
        the private key is on a smartcard?

    (2) How should we prompt a user for a different smartcard?

For (1), I think that a label (of primary key fingerprint) makes sense.
I consider a serial number would be questionable (if the user doesn't pay
much attention).

For (2), I think that it is user-friendly to be asked:

     Please insert a smartcard for primary key YYY...YYY.

     or:

     Please insert a smartcard for subkey XXX...XXX
     of primary key YYY...YYY.

I mean, it would be just confusing to be asked with serial number
SS...SS:

     Please insert a smartcard with SS...SS
     for key XXX...XXX

More information about the Gnupg-devel mailing list