Storing key on multiple smartcards
Werner Koch
wk at gnupg.org
Wed May 8 08:26:04 CEST 2019
On Tue, 7 May 2019 10:21, gniibe at fsij.org said:
> # TYPE describes the type of the key:
> # 'D' - Regular key stored on disk,
> # 'T' - Key is stored on a smartcard (token),
> # 'X' - Unknown type,
> # '-' - Key is missing.
> #
> # SERIALNO is an ASCII string with the serial number of the
> # smartcard. If the serial number is not known a single
> # dash '-' is used instead.
> #
> # IDSTR is the IDSTR used to distinguish keys on a smartcard. If it
> # is not known a dash is used instead.
> #
> # CACHED is 1 if the passphrase for the key was found in the key cache.
> # If not, a '-' is used instead.
> #
> # PROTECTION describes the key protection type:
> # 'P' - The key is protected with a passphrase,
> # 'C' - The key is not protected,
> # '-' - Unknown protection.
> #
> # FPR returns the formatted ssh-style fingerprint of the key. It is only
> # printed if the option --ssh-fpr has been used. If ALGO is not given
> # to that option the default ssh fingerprint algo is used. Without the
> # option a '-' is printed.
> #
> # TTL is the TTL in seconds for that key or '-' if n/a.
> #
> # FLAGS is a word consisting of one-letter flags:
> # 'D' - The key has been disabled,
> # 'S' - The key is listed in sshcontrol (requires --with-ssh),
> # 'c' - Use of the key needs to be confirmed,
> # '-' - No flags given.
> #
> # More information may be added in the future.
>
> I'm going to modify this, to distinguish a key on card which is
> inserted, and a key on card which is not inserted. This can be either:
>
> (1) For key on inserted card, add another flag into FLAGS (say, 'A' for
> active),

I think that is the proper solution.

> (2) Introduce new TYPE (say, 'O' for offline) and change the semantics
> of 'T' meaning inserted card.

Although I don't think we will run into problems with that, it is not as
clear as using an extra flag.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
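
An added example, not part of the original message and not GnuPG code: a parser for KEYINFO lines using the field order quoted above, showing how a client would read proposal (1). Assumptions: the `S KEYINFO` prefix and the keygrip column before TYPE, and the `A` flag, which is only proposed in this thread.

```python
from dataclasses import dataclass
from typing import Optional

TYPES = {"D": "disk", "T": "smartcard", "X": "unknown", "-": "missing"}
PROTECTION = {"P": "passphrase", "C": "unprotected", "-": "unknown"}
ACTIVE_FLAG = "A"  # hypothetical: proposal (1) in the thread, not an existing flag

@dataclass
class KeyInfo:
    keygrip: str
    type: str
    serialno: Optional[str]
    idstr: Optional[str]
    cached: bool
    protection: str
    fpr: Optional[str]
    ttl: Optional[int]
    flags: frozenset
    card_inserted: Optional[bool]  # None for keys that are not on a card

def parse_keyinfo(line: str) -> KeyInfo:
    fields = line.split()
    if fields[:1] == ["S"]:  # status-line prefix (assumed, not shown in the message)
        fields = fields[1:]
    if len(fields) < 10 or fields[0] != "KEYINFO":
        raise ValueError(f"not a KEYINFO line: {line!r}")
    # Trailing fields are ignored: "More information may be added in the future."
    grip, typ, serial, idstr, cached, prot, fpr, ttl, flags = fields[1:10]
    if typ not in TYPES or prot not in PROTECTION:
        raise ValueError(f"unknown TYPE or PROTECTION in: {line!r}")
    opt = lambda v: None if v == "-" else v  # a dash means "not known / n/a"
    flagset = frozenset() if flags == "-" else frozenset(flags)
    return KeyInfo(grip, TYPES[typ], opt(serial), opt(idstr), cached == "1",
                   PROTECTION[prot], opt(fpr), None if ttl == "-" else int(ttl),
                   flagset, (ACTIVE_FLAG in flagset) if typ == "T" else None)

def offline_card_keys(lines):
    """Keygrips of smartcard keys whose card is not currently inserted."""
    keys = (parse_keyinfo(l) for l in lines if "KEYINFO" in l)
    return [k.keygrip for k in keys if k.card_inserted is False]

# Constructed sample output; keygrips and serial numbers are made up.
SAMPLE = [
    "S KEYINFO " + "A" * 40 + " T D2760001240102000000000000010000 OPENPGP.1 - - - - A",
    "S KEYINFO " + "B" * 40 + " T D2760001240102000000000000020000 OPENPGP.1 - - - - -",
    "S KEYINFO " + "C" * 40 + " D - - 1 P - 600 c",
    "OK",
]
```
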