card_status - change-request to update always
wk at gnupg.org
Mon Sep 25 10:05:47 CEST 2017
On Mon, 25 Sep 2017 03:07, gniibe at fsij.org said:

> Speaking about my use case, I identify my tokens by their enclosure, like
> blue one, red one, one with GPG logo, etc. In this use case, it is more

That would also benefit my use cases. I use one Zeitcontrol card
which I am used to identifying by the serial number (also in
authorized_keys) but for the Gnuk an "insert your standard gnuk" would be
a better description for me.

What about this idea: We move the S/N out of the s-expression used to
describe the key into a name tag field in the extended private key
format file. gnupg/agent/keyformat.txt has this description of the
extended key format for quite some time:

  Description: Key to sign all GnuPG released tarballs.
    The key is actually stored on a smart card.
  OpenSSH-cert: long base64 encoded string wrapped so that this
    key file can be easily edited with a standard editor.

All fields except for Key: are optional. The "Description" field is
what it says and should be considered a plain comment on the key. My
proposal now would be to write such a stub key with a new field

  Title: S/N 123456788990000

the first time a stub key is written or when it is updated. The serial
number would be the default but the user could at any time change that
to whatever is more appropriate to be shown by Pinentry. This would fix
the UI for key/card association.

What to do for checking whether the right card is inserted is a
different question, though. Maybe another field "Serial" which is used
for this unless "Title" is also set?

Thoughts are free. Exceptions are regulated by a federal law.
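
The "Title" proposal above, sketched in Python as an added example; it is not part of the original message and not GnuPG code. The function names are hypothetical, the continuation-line rule is inferred from the wrapped example in the message, and keeping an existing Title, dropping non-printable characters and capping the length before display are assumptions of this sketch.

```python
import re

# Constructed stub key file. The Key value is a placeholder, not a real
# s-expression; "Title" is the field proposed in the message.
SAMPLE = (
    "Description: Key to sign all GnuPG released tarballs.\n"
    "  The key is actually stored on a smart card.\n"
    "Key: (shadowed-private-key placeholder)\n"
)
NAME_RE = re.compile(r"([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)")

def parse_fields(text):
    """Parse 'Name: value' lines; indented lines continue the previous value."""
    fields = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line[0] in " \t":
            if not fields:
                raise ValueError(f"line {lineno}: continuation before any field")
            name, value = fields[-1]
            fields[-1] = (name, f"{value} {line.strip()}".strip())
            continue
        m = NAME_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"line {lineno}: expected 'Name: value'")
        fields.append((m.group(1), m.group(2).strip()))
    return fields

def get_field(fields, name):
    """Return the first value stored under name (case-insensitive) or None."""
    return next((v for n, v in fields if n.lower() == name.lower()), None)

def ensure_title(fields, card_serial):
    """Default Title to the card S/N; a Title the user already set is kept."""
    if get_field(fields, "Title") is not None:
        return fields
    return [("Title", f"S/N {card_serial}")] + fields

def prompt_label(fields, max_len=64):
    """Text for the card prompt: the Title, printable characters only."""
    title = get_field(fields, "Title") or "unknown card"
    # The file is user-editable, so treat Title as untrusted display text.
    return "".join(c for c in title if c.isprintable())[:max_len]
```
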