gpg --card-status always create proxy private keys
Peter Lebbing
peter at digitalbrains.com
Tue Feb 14 20:39:27 CET 2017
On 14/02/17 20:31, Alon Bar-Lev wrote:
> This worked so far, as "card-edit/generate" returned existing key
I think that was not a GnuPG design decision but rather somewhat of a "hack" to
enable this use case? I don't think you can obtain this behaviour with a real
OpenPGP card, it's just something the emulation layer decided to do, right?
> The difference is that edit-key uses existing primary key and manage
> subkeys, while I need to support primary keys as well.
Right, yes, of course, silly of me.
> Yes, this should generate a primary key using existing private key.
> If this is acceptable it will be very nice.
And it would support this behaviour for real OpenPGP cards as well, not just for
the emulation layer interfacing to PKCS#11 cards. Plus, it makes the behaviour
obvious. It would not be obvious to me that "generate" actually didn't...
well... generate keys ;-).
Cheers,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170214/0deed506/attachment.sig>
More information about the Gnupg-devel
mailing list