Fwd: Re: Testing with card, some questions

Sven Klomp mail at klomp.eu
Tue Nov 16 12:29:01 CET 2010


I forward this message to the list. It seems that reply-to of the mailing-list configuration is not correctly set...


----------  Forwarded Message  ----------

Subject: Re: Testing with card, some questions
Date: Tuesday 16 November 2010, 11:40:49
From: "J. Ottosson" <j-001 at ottosson.nu>
To: Sven Klomp <mail at klomp.eu>

On 16 Nov 2010 at 11:15, Sven Klomp wrote:

> This seems to be a bug of scdaemon. Kill the daemon and gpg --card-status
> will have no information. Insert the card and the information is
> available... You could also try to decrypt or sign a file, while the card
> is not inserted. It should fail...

Also, when having card OUT, in GPA GUI card-key is present, with also the icon
indicating it is indeed a smartcard key and when doing the backup the resulting
file indeed has both public and private keys in it..

It feels like GPG has the keys in ordinary key files, but indicates nonetheless
that the keys originate from the card, hence the icon, and is either way able
to make the complete backup.

There is a slight risk of confusion here. There is the risk that I, the user,
feel comfortable that the key is in (and only in) the card when that icon
shows in the GUI.

I don't understand how that could be unless I somehow accidentally and without
realizing it imported the newly generated - and backed up - keys when looking at
the backup file just after the smartcard keys were generated. And even so,
perhaps somehow the user should be warned that key is not 'only' on the card,
somehow.

Perhaps I should kill the keys and test again, without making backups this
time.. Any other notes on the subject welcome.

/J


> 
> Regards
> Sven


