gpg --card-status always create proxy private keys
Alon Bar-Lev
alon.barlev at gmail.com
Sat Feb 11 22:00:05 CET 2017
Hi,
This is a change in behaviour, I believe resulted by this[1] commit.
Everytime gpg --card-status is executed the proxy private keys at
~/.gnupg/private-keys-v1.d/ are created, also if no matching public
key in gpg.
It has the side effect of having duplicate keys when trying to
generate keys using gpg --card-edit without actually re-generate the
key on the card (return the same keygrip).
As a result usage of scd which only capable of reusing keys such as
PKCS#11 is now broken.
Interesting is that these keys are not available using gpg
--list-secret-keys as well so they cannot be removed.
If this change was intentional and keys should be cached when invoking
status even if not matching public keys, can you please consider
rewriting the same key when generating the keys?
----
Real name: test1
Email address: test1 at test.com
Comment:
You selected this USER-ID:
"test1 <test1 at test.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Key generation failed: File exists
---
Thanks,
Alon
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=82cbab906a3e72a98fdc16096f2f0451465969a2
More information about the Gnupg-devel
mailing list