SmartCard as subkey?

Werner Koch wk at gnupg.org
Mon Nov 8 16:07:26 CET 2004


On Mon, 8 Nov 2004 15:37:23 +0100, Simon Richter said:

> then allow me to enter my PIN securely (takes over display and keyboard,
> blinks "Secure PIN entry" LED, sends the PIN to the card and returns). Is
> something like this supported in GPG already?

I have a CPR532 here and it works.  What's missing is a way to tell
the upper layers that there is a PINPAD reader available and that it
should just pop up an informational window while the reader is
expecting a PIN.

> Also, would the following property names be acceptable:

Seems so.  In gpg we use different names and put some values into one
return line, see app-openpgp.c:do_getattr.

> Maybe it would be good to add a --export-secret-stubs command that exports
> only master key stubs and all valid subkeys that do not contain private
> key info?

Good point, will add such a feature.

> Also, the "General key info" now shows the keyid of the first subkey. Is
> there a way I can make it show the master key?

Should be no problem.

> And, last but not least, the "login" field is specified as "proprietary".
> Are there already any uses for this (I could, for example, add login
> functionality into the Sun OCF driver, but would not really like to
> conflict with existing implementations here)?

Suggested use is: Everything up to the first LF is used as an account
name, the second line is currently used for optional flags which are
not yet used (app-openpgp.c:parse_login_data).  The next spec of the
card will feature a couple of arbitrary data fields, some of them
protected by PINs. The account name is for example useful to be
displayed in a pinentry if a card has been inserted for login; the
flags might be used to allow login/access only with the card using a
known PIN.


Salam-Shalom,

   Werner
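
Added example, not part of the original message and not GnuPG's parse_login_data: a sketch of splitting the card's "login" field as described above, with the account name on the first line and an uninterpreted second line. The struct, the function name, the 64-byte name buffer and the ASCII-only display filter are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not GnuPG's). */
struct login_data {
    char account[64];            /* first line, made safe to display */
    const unsigned char *flags;  /* second line, left uninterpreted  */
    size_t flags_len;
    int truncated;               /* account name did not fit */
};

/* Split the raw "login" field at the first LF. Card contents are
   untrusted, so non-printable bytes in the name become '?' before it
   can reach a prompt. Returns 0 on success, 1 if the name is empty,
   -1 on bad arguments. */
int parse_login_field(const unsigned char *buf, size_t len,
                      struct login_data *out)
{
    size_t i, o = 0;
    if (!buf || !out)
        return -1;
    memset(out, 0, sizeof *out);
    for (i = 0; i < len && buf[i] != '\n'; i++) {
        if (o + 1 >= sizeof out->account) {
            out->truncated = 1;
            continue;            /* keep scanning for the LF */
        }
        out->account[o++] = (buf[i] >= 0x20 && buf[i] < 0x7f)
                            ? (char)buf[i] : '?';
    }
    if (i < len) {               /* LF found: a second line follows */
        const unsigned char *p = buf + i + 1;
        const unsigned char *end = memchr(p, '\n', len - i - 1);
        out->flags = p;
        out->flags_len = end ? (size_t)(end - p) : len - i - 1;
    }
    return out->account[0] ? 0 : 1;
}

int main(void)
{
    /* Constructed sample: account name, LF, opaque second line. */
    static const unsigned char sample[] = "simon\nXYZ\nignored";
    struct login_data d;
    int rc = parse_login_field(sample, sizeof sample - 1, &d);
    printf("rc=%d account=%s flags_len=%zu\n", rc, d.account, d.flags_len);
    return 0;
}
```
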



