gpg --card-status always create proxy private keys
NIIBE Yutaka
gniibe at fsij.org
Mon Feb 13 09:03:54 CET 2017
Alon Bar-Lev <alon.barlev at gmail.com> writes:
> This is a change in behaviour, I believe resulting from this[1] commit.
> Every time gpg --card-status is executed the proxy private keys at
> ~/.gnupg/private-keys-v1.d/ are created, even if there is no matching
> public key in gpg.
>
> It has the side effect of having duplicate keys when trying to
> generate keys using gpg --card-edit without actually re-generating the
> key on the card (return the same keygrip).
>
> As a result, usage of an scd which is only capable of reusing keys, such as
> PKCS#11, is now broken.

I don't understand your description above. Could you elaborate?

BTW, the change which introduced creating a shadow key by --card-status
is this (not the one you addressed):

    commit f3f9f9b2844c35f7942ee904d5222523615cdad4
    Author: Werner Koch <wk at gnupg.org>
    Date: Fri Dec 12 12:35:45 2014 +0100

        gpg: Let --card--status create a shadow key (card key stub).
--