SmartCard as subkey?
Werner Koch
wk at gnupg.org
Mon Nov 8 16:07:26 CET 2004
On Mon, 8 Nov 2004 15:37:23 +0100, Simon Richter said:
> then allow me to enter my PIN securely (takes over display and keyboard,
> blinks "Secure PIN entry" LED, sends the PIN to the card and returns. Is
> something like this supported in GPG already?
I have a CPR532 here and it works. What's missing is a way to tell
the upper layers that there is a PINPAD reader available and that it
should just pop up an informational window whiole the reader is
expecting a PIN.
> Also, would the following property names be acceptable:
Seems so. In gpg we use different names and put some balues into one
return line, see app-openpgp.c:do_getattr.
> Maybe it would be good to add a --export-secret-stubs command that exports
> only master key stubs and all valid subkeys that do not contain private
> key info?
Good point, will add such a feature.
> Also, the "General key info" now shows the keyid of the first subkey. Is
> there a way I can make it show the master key?
Should be no problem.
> And, last but not least, the "login" field is specified as "proprietary".
> Are there already any uses for this (I could, for example, add login
> functionality into the Sun OCF driver, but would not really like to
> conflict with existing implementations here)?
Suggested use is: Everything up to the first LF is used as an account
name, the second line is currently used for optional flags which are
not yes used (app-openpgp.c:parse_login_data). The next spec of the
card will feature a couple of arbitrary data fields some of them
protected by PINs. The account name is for example useful to be
displayed in a pinentry if a card has been inserted for login; the
flags might be used to allow login/access only with the card using a
known PIN.
Salam-Shalom,
Werner
More information about the Gnupg-users
mailing list