Storing key on multiple smartcards

NIIBE Yutaka gniibe at fsij.org
Thu May 16 01:58:23 CEST 2019


Hello,

Before changing the output of KEYINFO command of gpg-agent (for T4244),
I modified gpg-agent to relax the assumption/requirement of the map
between serialno and keys.  In GnuPG, so far, there used to be an
assumption that serialno determines.

Now, by the master commit of 1091f22511e1a8259eb5c998f5c207ee95723a4a ,
we can use a token for backup which has different serialno.

I think that T4301 (using backup key in a different token) is now
handled.

I think that a bit more changes will be needed for better UI.  For now,
it is only possible to use a backup token when the token is active
(after gpg --card-status [all]).  Perhaps it is better if the KEYINFO
command of scdaemon initiates card/token scanning at first.  Let us
consider more.

T3416 would include other use cases.  For using a signing backup key in a
different token, it should work well.  For something like selecting a key
in an active token, gpg-frontend changes are needed as well.  I keep
considering that.  If you have any suggestion for a good solution, please
let me know.
-- 