card_status - change-request to update always

Werner Koch wk at gnupg.org
Mon Sep 25 10:05:47 CEST 2017


On Mon, 25 Sep 2017 03:07, gniibe at fsij.org said:

> Speaking about my use case, I identify my tokens by their enclosure, like
> blue one, red one, one with GPG logo, etc.  In this use case, it is more

That would also benefit my use cases.  I use one Zeitcontrol card
which I am used to identifying by the serial number (also in
authorized_keys) but for the Gnuk an "insert your standard gnuk" would be
a better description for me.

What about this idea: We move the S/N out of the s-expression used to
describe the key into a name tag field in the extended private key
format file.  gnupg/agent/keyformat.txt has this description of the
extended key format for quite some time:

  Description: Key to sign all GnuPG released tarballs.
    The key is actually stored on a smart card.
  Use-for-ssh: yes
  OpenSSH-cert: long base64 encoded string wrapped so that this
    key file can be easily edited with a standard editor.
  Key: (shadowed-private-key
    (rsa
    (n #00AA1AD2A55FD8C8FDE9E1941772D9CC903FA43B268CB1B5A1BAFDC900
    2961D8AEA153424DC851EF13B83AC64FBE365C59DC1BD3E83017C90D4365B4
    83E02859FC13DB5842A00E969480DB96CE6F7D1C03600392B8E08EF0C01FC7
    19F9F9086B25AD39B4F1C2A2DF3E2BE317110CFFF21D4A11455508FE407997
    601260816C8422297C0637BB291C3A079B9CB38A92CE9E551F80AA0EBF4F0E
    72C3F250461E4D31F23A7087857FC8438324A013634563D34EFDDCBF2EA80D
    F9662C9CCD4BEF2522D8BDFED24CEF78DC6B309317407EAC576D889F88ADA0
    8C4FFB480981FB68C5C6CA27503381D41018E6CDC52AAAE46B166BDC10637A
    E186A02BA2497FDC5D1221#)
    (e #00010001#)
    (shadowed t1-v1
     (#D2760001240102000005000011730000# OPENPGP.1)
    )))

All fields except for Key: are optional.  The "Description" field is
what it says and should be considered a plain comment on the key.  My
proposal now would be to write such a stub key with a new field

  Title: S/N 123456788990000

the first time a stub key is written or when it is updated.  The serial
number would be the default but the user could at any time change that
to whatever is more appropriate to be shown by Pinentry.  This would fix
the UI for key/card association.  

What to do for checking whether the right card is inserted is a
different question, though.  Maybe another field "Serial" which is used
for this unless "Title" is also set?



Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.
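The message above describes the extended private key format from gnupg/agent/keyformat.txt and proposes two new header fields, "Title" (free text shown by Pinentry) and "Serial" (used to check that the right card is inserted). As an added example that is not GnuPG's own code, the following Python reads such a file, joins continuation lines into their fields, pulls the card serial out of the shadowed-key stub, and resolves the display label and the matching serial with the fallbacks the message sketches. The key file contents, the short placeholder modulus, and the names `parse_extended_key_file`, `embedded_card_serial`, `card_serial` and `card_title` are all constructed here; the precedence rule (an explicit "Serial" wins over the stub's serial, and "Title" wins over the default "S/N ..." label) is an assumption about how the proposal would be implemented, not a documented GnuPG behaviour.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample in the extended private key format described in
# gnupg/agent/keyformat.txt.  "Title" and "Serial" are the fields proposed
# in the message, not part of the documented format.  The modulus is a
# placeholder; the serial is the one quoted in the message.
SAMPLE_KEY_FILE = """\
Description: Key to sign all GnuPG released tarballs.
  The key is actually stored on a smart card.
Use-for-ssh: yes
Title: blue Gnuk (standard)
Key: (shadowed-private-key
  (rsa
  (n #00C0FFEE#)
  (e #00010001#)
  (shadowed t1-v1
   (#D2760001240102000005000011730000# OPENPGP.1)
  )))
"""

# "Name: value" header line; the value may be empty on the first line.
_FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")
# The t1-v1 shadow stub: (shadowed t1-v1 (#<serial hex># <keyref>))
_SHADOW_RE = re.compile(
    r"\(shadowed\s+t1-v1\s*\(#([0-9A-Fa-f]+)#\s+([A-Za-z0-9.]+)\)"
)


def parse_extended_key_file(text: str) -> Dict[str, str]:
    """Parse header fields; a line starting with whitespace continues the previous field."""
    fields: Dict[str, str] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and current is not None:
            fields[current] += "\n" + raw.strip()
            continue
        m = _FIELD_RE.match(raw)
        if m is None:
            raise ValueError(f"malformed line: {raw!r}")
        current = m.group(1)
        if current in fields:
            raise ValueError(f"duplicate field: {current}")
        fields[current] = m.group(2)
    if "Key" not in fields:
        # "All fields except for Key: are optional."
        raise ValueError("mandatory Key field missing")
    return fields


def embedded_card_serial(fields: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (serial, keyref) from the shadowed-key stub, or None for a non-stub key."""
    m = _SHADOW_RE.search(fields["Key"])
    if m is None:
        return None
    return m.group(1).upper(), m.group(2)


def card_serial(fields: Dict[str, str]) -> Optional[str]:
    """Serial used to check that the right card is inserted (assumed precedence: Serial field, then stub)."""
    if fields.get("Serial", "").strip():
        return fields["Serial"].strip().upper()
    emb = embedded_card_serial(fields)
    return emb[0] if emb else None


def card_title(fields: Dict[str, str]) -> str:
    """Text for the Pinentry prompt: the user-editable Title, else the "S/N <serial>" default."""
    title = " ".join(fields.get("Title", "").split())  # collapse continuation lines
    if title:
        # Title is free-form text typed by the user; keep the prompt single-line and printable.
        return "".join(ch for ch in title if ch.isprintable())
    serial = card_serial(fields)
    return f"S/N {serial}" if serial else "(unknown card)"


if __name__ == "__main__":
    f = parse_extended_key_file(SAMPLE_KEY_FILE)
    print("prompt :", card_title(f))
    print("expect :", card_serial(f))
```

Running the block prints the label Pinentry would show and the serial gpg-agent would compare against the inserted card; removing the "Title:" line from the sample makes the label fall back to the serial-based default, which is exactly the behaviour the message proposes for the first write of a stub key.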