Feature request: use existing key in --full-gen-key (was: gpg --card-status always create proxy private keys)

Peter Lebbing peter at digitalbrains.com
Wed Feb 15 11:55:34 CET 2017

Hello developers,

GnuPG 2.1 has the option to use an existing key when adding a subkey:

> $ gpg2 --expert --edit-key [KEYID]
> [...]
>> addkey
> Please select what kind of key you want:
> [...]
>   (13) Existing key
> Your selection? 

However, this is not an option when generating a new primary key. Could
we have this option for new primary keys as well? Option (13) could be
made available when doing:

> $ gpg2 --expert --full-gen-key
> [...]
> Please select what kind of key you want:
>    (1) RSA and RSA (default)
> [...]
>   (11) ECC (set your own capabilities)
> Your selection?

As you can see in the parent thread, this is an actively desired feature
for using non-OpenPGP crypto hardware with an OpenPGP emulation layer. A
PKCS#11 Hardware Security Module for signing rpms was mentioned. The
feature has been implemented already by having this emulation layer use
an existing key when "card-edit/generate" is invoked, rather than
actually creating new keys. However, this broke because of changes in
2.1. It is my feeling that since we now have "Use existing key" as an
explicit option for "edit-key/addkey", it makes sense to use this same
mechanism for primary keys as well. In this way, the problem Alon
Bar-Lev has is solved as well, and the functionality is more generic and
consistent. People can use existing on-disk keys, existing smartcard
keys on a real OpenPGP smartcard and existing smartcard keys on an
emulated OpenPGP smartcard, all in the same manner.

On 14/02/17 21:49, Alon Bar-Lev wrote:
> Great, how can we push that?

How about this feature request? :-) Does it work for you?

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
