Storing key on multiple smartcards
gniibe at fsij.org
Thu May 16 01:58:23 CEST 2019
Before changing the output of KEYINFO command of gpg-agent (for T4244),
I modified gpg-agent to relax the assumption/requirment of the map
between serialno and keys. In GnuPG, so far, there used to be an
assumption that serialno determines.
Now, by the master commit of 1091f22511e1a8259eb5c998f5c207ee95723a4a ,
we can use a token for backup which has different serialno.
I think that T4301 (using backup key in a different token) is now
I think that a bit more changes will be needed for better UI. For now,
it is only possible to use back up token, when the token is active
(after gpg --card-status [all]). Perhaps, it is better if KEYINFO
command of scdaemon initiates card/token scanning at first. Let us
T3416 would include other use cases. For using signing backup key in a
different token, it should work well. For something like selecting key
in an active token, gpg-frontend changes are needed as well. I keep
considering about that. If any suggestion for a good solution, please
let me know.
More information about the Gnupg-devel