Private key transfer format
NIIBE Yutaka
gniibe at fsij.org
Fri Apr 10 07:01:58 CEST 2015
On 04/09/2015 11:00 PM, NIIBE Yutaka wrote:
> I thought it was a regression. In GnuPG 1.4 and 2.0, some people did
> --export-secret-keys for smartcard. Well, I naively tried to "fix"
> as a response to the bug report.
>
> Yes, I think that we can just drop the support of --export-secret-keys
> for smartcard, and fix the documentation.
>
> Well, in my opinion, it is unlikely that there are smartcard users who
> expect an exact serial number check by GnuPG with --export-secret-keys on
> one machine and --import on another machine.

Sorry, this attitude of mine is wrong somehow. It was short-sighted of me; I
only considered GnuPG. It's complicated.

Perhaps this requires changing some existing practice (?, so to say).

I found a document which uses --export-secret-subkey for the stub:

https://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

It is also described in the FAQ of OpenKeychain:

http://www.openkeychain.org/faq/

Although exporting the stub was not an intended feature in GnuPG 1.4 and
2.0, people used it (beyond GnuPG).

We could/should convince OpenKeychain (or other OpenPGP applications,
if any) about the handling of the secret key stub; there is no need to export
and import the secret key stub, but the stub can be generated by the smartcard
itself.

Let me confirm the current position of GnuPG 2.1: for a new machine, it
is the OpenPGP public key that we need to import (or fetch), and the stub
could/should be generated with a smartcard (gpg --card-status does
that).

Note that the background of issue1937 [0] is exporting the stub
from GnuPG and importing it into OpenKeychain (that is, into a different
OpenPGP application).

[0] https://bugs.g10code.com/gnupg/issue1937