card_status - change-request to update always

NIIBE Yutaka gniibe at fsij.org
Thu Sep 21 11:55:40 CEST 2017


Hello,

I think that I understand your case (partially, at least).  I don't deny
the existence of such a use case.  And I admit it is a bit difficult to do
manual removal of the private key file.

I think that it is because of the (historical) decision or assumption
that the serial number of a card can be a stable identifier.  I want to
fix this, too.

Myonium <myonium at gmail.com> wrote:
> Would you prefer modifying stubs only in case the card changed?

Given the situation that GnuPG 2.2.x is a bug-fix-only release series, my
idea is to avoid small changes and instead introduce a major change, a real
change to card management, into the master branch of GnuPG.

> To my understanding stubs are - in case of smart cards - only pointers
> indicating where to find the private key ….

Exactly.

It seems to me that we can remove this (non-)feature of recording the
serial number in the private key file completely.

Currently, the serial number of a card is used as a kind of permanent
identifier of the card.  I think that we need to locate such assumptions
in the protocol and in the implementation of gpg-agent and scdaemon.  Then
we can fix them.

While T1983 was being fixed, the gpg frontend introduced access to the
available card keys.  This is a step toward using the serial number of a
card as a runtime/volatile identifier rather than as a permanent identifier.

I don't have the whole picture at hand yet.  If possible, please help
us to locate the places in gpg-agent where it uses the recorded serial
number, and/or investigate how we can remove that.
-- 
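The stubs the thread talks about are the files gpg-agent keeps under private-keys-v1.d for card-resident keys: instead of key material they hold a "shadowed-private-key" S-expression whose shadow info records the card serial number and the key slot. The following is an added example (not GnuPG's own code) that parses such stubs in the bare canonical S-expression form used by 2.2-era installations (it does not handle the newer "Key:" extended file format), lists which stubs are bound to a given card serial, and reports stubs whose card is no longer present, which is the "card changed" case where the file would otherwise have to be removed by hand. The keygrip names, serial numbers and public-key parameters in the sample files are constructed here and are not real.

```python
"""Inspect gpg-agent "shadowed" private-key stubs (added example, not gnupg code).

gpg-agent stores one file per key as ~/.gnupg/private-keys-v1.d/<KEYGRIP>.key.
For a smartcard key the file is only a canonical S-expression stub of the shape

    (shadowed-private-key (rsa (n ...) (e ...) (shadowed t1-v1 (SERIAL ID))))

where SERIAL is the raw card serial number (the recorded identifier discussed
in the mail) and ID names the key slot on the card, e.g. "OPENPGP.1".
Assumption: bare canonical form, no "Key:" extended-format wrapper.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

_ATOM_LEN = re.compile(rb"\d+:")


def parse_canon_sexp(data: bytes, pos: int = 0):
    """Parse one canonical S-expression node: '(' ... ')' or '<len>:<bytes>'.

    Returns (node, next_pos).  Lists become Python lists, atoms bytes.
    """
    if pos >= len(data):
        raise ValueError("unexpected end of data")
    if data[pos:pos + 1] == b"(":
        pos += 1
        items = []
        while data[pos:pos + 1] != b")":
            node, pos = parse_canon_sexp(data, pos)
            items.append(node)
        return items, pos + 1
    m = _ATOM_LEN.match(data, pos)
    if not m:
        raise ValueError("malformed atom at offset %d" % pos)
    n = int(m.group()[:-1])
    start = m.end()
    atom = data[start:start + n]
    if len(atom) != n:
        raise ValueError("truncated atom at offset %d" % pos)
    return atom, start + n


def canon_sexp(node) -> bytes:
    """Serialize a parsed node back to canonical form (used to build samples)."""
    if isinstance(node, bytes):
        return b"%d:%s" % (len(node), node)
    return b"(" + b"".join(canon_sexp(n) for n in node) + b")"


@dataclass
class ShadowInfo:
    algo: str
    serialno: str   # hex, upper case, as gpg --card-status prints it
    idstring: str   # key slot on the card


def shadow_info(stub: bytes) -> Optional[ShadowInfo]:
    """Return the card binding recorded in a stub, or None for a real key file."""
    top, _ = parse_canon_sexp(stub)
    if not top or top[0] != b"shadowed-private-key":
        return None
    keyinfo = top[1]                      # (rsa (n ..) (e ..) (shadowed ..))
    algo = keyinfo[0].decode()
    for item in keyinfo[1:]:
        if isinstance(item, list) and item and item[0] == b"shadowed":
            if item[1] != b"t1-v1":       # only the smartcard shadow type here
                raise ValueError("unknown shadow type %r" % item[1])
            serial, idstr = item[2]       # (SERIAL ID)
            return ShadowInfo(algo, serial.hex().upper(), idstr.decode())
    raise ValueError("shadowed-private-key without shadow info")


def stubs_for_card(files: Dict[str, bytes], serialno: str) -> List[str]:
    """Keygrips whose stub points at the card with the given hex serial."""
    wanted = serialno.upper()
    return sorted(k for k, d in files.items()
                  if (i := shadow_info(d)) and i.serialno == wanted)


def stale_stubs(files: Dict[str, bytes], current_serials: Iterable[str]) -> List[str]:
    """Stubs bound to a card that is not present: the 'card changed' case."""
    present = {s.upper() for s in current_serials}
    return sorted(k for k, d in files.items()
                  if (i := shadow_info(d)) and i.serialno not in present)


def make_stub(algo: bytes, serial_hex: str, idstring: str, pubparams) -> bytes:
    """Build a constructed stub laid out the way gpg-agent stores one."""
    shadow = [b"shadowed", b"t1-v1", [bytes.fromhex(serial_hex), idstring.encode()]]
    return canon_sexp([b"shadowed-private-key", [algo] + pubparams + [shadow]])


# Constructed sample key store: two keys on card A, one on card B, one on-disk key.
CARD_A = "D2760001240102010006000012340000"   # made-up OpenPGP card AID/serial
CARD_B = "D2760001240102010006000056780000"   # made-up, a replacement card
_RSA = [[b"n", b"\x00\xc1\x23\x45"], [b"e", b"\x01\x00\x01"]]   # toy parameters
SAMPLE_FILES = {
    "KEYGRIP_A_SIGN": make_stub(b"rsa", CARD_A, "OPENPGP.1", _RSA),
    "KEYGRIP_A_ENCR": make_stub(b"rsa", CARD_A, "OPENPGP.2", _RSA),
    "KEYGRIP_B_SIGN": make_stub(b"rsa", CARD_B, "OPENPGP.1", _RSA),
    "KEYGRIP_ONDISK": canon_sexp([b"private-key", [b"rsa"] + _RSA + [[b"d", b"\x12"]]]),
}

if __name__ == "__main__":
    for keygrip, data in SAMPLE_FILES.items():
        print(keygrip, shadow_info(data))
    print("bound to card A:", stubs_for_card(SAMPLE_FILES, CARD_A))
    print("stale if only card B is inserted:", stale_stubs(SAMPLE_FILES, [CARD_B]))
```

Running it over a real private-keys-v1.d would need the file bytes read in place of SAMPLE_FILES; the point of stale_stubs is that it is exactly the lookup "which stubs still name a serial number I no longer have" that a user today has to do by hand, and that goes away if the serial number stops being recorded in the stub at all.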