OpenPGP card, gpgsm, decrypt
Jörg Deckert
joergd at bitquell.de
Mon Sep 23 11:01:26 CEST 2013
> How did you create the key for S/MIME?
$ gpgsm --learn-card
$ LC_ALL=C gpgsm --gen-key > ~/joergd-csr.pem
gpgsm (GnuPG) 2.0.21; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA
(2) Existing key
(3) Existing key from card
Your selection? 3
Serial number of the card: D2760001240102000005000010B10000
Available keys:
(1) C080E663512A54C29D1D1108308AF44D28A0EBAE OPENPGP.1
(2) F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2 OPENPGP.2
(3) 719D81D0405AF65B1BEC322725CB23DCECE389C4 OPENPGP.3
Your selection? 3
Possible actions for a RSA key:
(1) sign, encrypt
(2) sign
(3) encrypt
Your selection? 1
Enter the X.509 subject name: C=DE, ST=Thueringen, L=Gera, O=Test, OU=Test,
CN=J D, EMAIL=joergd at bitquell.de
Enter email addresses (end with an empty line):
> joergd at bitquell.de
>
Enter DNS names (optional; end with an empty line):
>
Enter URIs (optional; end with an empty line):
>
Parameters to be used for the certificate request:
Key-Type: card:OPENPGP.3
Key-Length: 1024
Key-Usage: sign, encrypt
Name-DN: C=DE, ST=Thueringen, L=Gera, O=Test, OU=Test, CN=J D,
EMAIL=joergd at bitquell.de
Name-Email: joergd at bitquell.de
Then I created a certificate from the request.
$ gpgsm --import CA-priv.crt
$ gpgsm --import joergd.crt
> Please run
> LC_ALL=C gpg --with-keygrip --list-secret-keys
> (I assume gpg2 is installed as gpg.)
$ LC_ALL=C gpg --with-keygrip --list-secret-keys
gpg: invalid option "--with-keygrip"
$ LC_ALL=C gpg --version
gpg (GnuPG) 2.0.21
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
> Please run
> LC_ALL=C gpgsm --with-keygrip --list-secret-keys
$ LC_ALL=C gpgsm --with-keygrip --list-secret-keys
gpgsm: invalid option "--with-keygrip"
Btw. the keygrips are in place (I think):
$ ls -1 ~/.gnupg/private-keys-v1.d/
719D81D0405AF65B1BEC322725CB23DCECE389C4.key
C080E663512A54C29D1D1108308AF44D28A0EBAE.key
F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2.key
--
Jörg Deckert