gpg --card-status always create proxy private keys

Peter Lebbing peter at
Tue Feb 14 20:39:27 CET 2017

On 14/02/17 20:31, Alon Bar-Lev wrote:
> This worked so far, as "card-edit/generate" returned existing key

I think that was not a GnuPG design decision but rather somewhat of a "hack" to
enable this use case? I don't think you can obtain this behaviour with a real
OpenPGP card, it's just something the emulation layer decided to do, right?

> The difference is that edit-key uses existing primary key and manage
> subkeys, while I need to support primary keys as well.

Right, yes, of course, silly of me.

> Yes, this should generate a primary key using existing private key.
> If this is acceptable it will be very nice.

And it would support this behaviour for real OpenPGP cards as well, not just for
the emulation layer interfacing to PKCS#11 cards. Plus, it makes the behaviour
obvious. It would not be obvious to me that "generate" actually didn't...
well... generate keys ;-).



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170214/0deed506/attachment.sig>

More information about the Gnupg-devel mailing list