Feature request: use existing key in --full-gen-key (was: gpg --card-status always create proxy private keys)

NIIBE Yutaka gniibe at fsij.org
Fri Feb 17 01:03:08 CET 2017

Peter Lebbing <peter at digitalbrains.com> wrote:
> As you can see in the parent thread, this is an actively desired feature
> for using non-OpenPGP crypto hardware with an OpenPGP emulation layer. A
> PKCS#11 Hardware Security Module for signing RPMs was mentioned. The
> feature has been implemented already by having this emulation layer use
> an existing key when "card-edit/generate" is invoked, rather than
> actually creating new keys. However, this broke because of changes in
> 2.1. It is my feeling that since we now have "Use existing key" as an
> explicit option for "edit-key/addkey", it makes sense to use this same
> mechanism for primary keys as well. In this way, the problem Alon
> Bar-Lev has is solved as well, and the functionality is more generic and
> consistent. People can use existing on-disk keys, existing smartcard
> keys on a real OpenPGP smartcard and existing smartcard keys on an
> emulated OpenPGP smartcard, all in the same manner.

Sounds good and consistent to me.  Thanks for your proposal.  I'll
consider implementation feasibility.

More information about the Gnupg-devel mailing list