card_status - change-request to update always

Werner Koch wk at
Mon Sep 25 10:05:47 CEST 2017

On Mon, 25 Sep 2017 03:07, gniibe at said:

> Speaking about my use case, I identify my tokens by their enclosure, like
> blue one, red one, one with GPG logo, etc.  In this use case, it is more

That would also benefit my use cases.  I use one Zeitcontrol card
which I am used to identifying by the serial number (also in
authorized_keys) but for the Gnuk an "insert your standard gnuk" would be
a better description for me.

What about this idea: We move the S/N out of the s-expression used to
describe the key into a name tag field in the extended private key
format file.  gnupg/agent/keyformat.txt has had this description of the
extended key format for quite some time:

  Description: Key to sign all GnuPG released tarballs.
    The key is actually stored on a smart card.
  Use-for-ssh: yes
  OpenSSH-cert: long base64 encoded string wrapped so that this
    key file can be easily edited with a standard editor.
  Key: (shadowed-private-key
    (n #00AA1AD2A55FD8C8FDE9E1941772D9CC903FA43B268CB1B5A1BAFDC900
    (e #00010001#)
    (shadowed t1-v1
     (#D2760001240102000005000011730000# OPENPGP.1)

All fields except for Key: are optional.  The "Description" field is
what it says and should be considered a plain comment on the key.  My
proposal now would be to write such a stub key with a new field

  Title: S/N 123456788990000

the first time a stub key is written or when it is updated.  The serial
number would be the default but the user could at any time change that
to whatever is more appropriate to be shown by Pinentry.  This would fix
the UI for key/card association.  

What to do for checking whether the right card is inserted is a
different question, though.  Maybe another field "Serial" which is used
for this unless "Title" is also set?



Thoughts are free.  Exceptions are regulated by a federal law.
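
The following Python sketch is an added illustration of the proposal in this message; it is not code from GnuPG or from the poster. It assumes the proposed "Title" field, a simplified reading of the name/value layout shown above, and hypothetical helper names (`parse_fields`, `display_title`, `ensure_title`); the stub key is constructed.

```python
import re

# Constructed sample stub (shortened modulus, not a real key).
SAMPLE = """\
Description: Key to sign release tarballs.
  The key is actually stored on a smart card.
Key: (shadowed-private-key
  (rsa
   (n #00AA1AD2#)
   (e #00010001#)
   (shadowed t1-v1
    (#D2760001240102000005000011730000# OPENPGP.1))))
"""

NAME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s?(.*)$")
SERIAL_RE = re.compile(r"\(shadowed\s+t1-v1\s*\(\s*#([0-9A-Fa-f]+)#")

def parse_fields(text):
    """Return [(name, [value lines])]; continuation lines start with whitespace."""
    fields = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0] in " \t":
            if not fields:
                raise ValueError("continuation line before any field")
            fields[-1][1].append(line.strip())
            continue
        m = NAME_RE.match(line)
        if not m:
            raise ValueError(f"malformed line: {line!r}")
        fields.append((m.group(1), [m.group(2)]))
    return fields

def display_title(text):
    """Prompt text: the user's Title if set, else 'S/N <serial>' from the stub."""
    fields = {name.lower(): " ".join(v) for name, v in parse_fields(text)}
    if fields.get("title", "").strip():
        return fields["title"].strip()
    m = SERIAL_RE.search(fields.get("key", ""))
    if not m:
        raise ValueError("no Title field and no card serial in Key")
    return "S/N " + m.group(1).upper()

def ensure_title(text):
    """Add the default Title once; never overwrite one the user has edited."""
    if any(n.lower() == "title" for n, _ in parse_fields(text)):
        return text
    return "Title: " + display_title(text) + "\n" + text
```

The serial used for the default title is still read from the shadowed s-expression here; where the value used for checking the inserted card should live is the open question raised at the end of the message.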