OpenPGP card, gpgsm, decrypt

Jörg Deckert joergd at bitquell.de
Mon Sep 23 11:01:26 CEST 2013


> How did you create the key for S/MIME?

$ gpgsm --learn-card
$ LC_ALL=C gpgsm --gen-key > ~/joergd-csr.pem
gpgsm (GnuPG) 2.0.21; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA
   (2) Existing key
   (3) Existing key from card
Your selection? 3
Serial number of the card: D2760001240102000005000010B10000
Available keys:
   (1) C080E663512A54C29D1D1108308AF44D28A0EBAE OPENPGP.1
   (2) F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2 OPENPGP.2
   (3) 719D81D0405AF65B1BEC322725CB23DCECE389C4 OPENPGP.3
Your selection? 3
Possible actions for a RSA key:
   (1) sign, encrypt
   (2) sign
   (3) encrypt
Your selection? 1
Enter the X.509 subject name: C=DE, ST=Thueringen, L=Gera, O=Test, OU=Test, CN=J D, EMAIL=joergd at bitquell.de
Enter email addresses (end with an empty line):
> joergd at bitquell.de
> 
Enter DNS names (optional; end with an empty line):
> 
Enter URIs (optional; end with an empty line):
> 
Parameters to be used for the certificate request:
    Key-Type: card:OPENPGP.3
    Key-Length: 1024
    Key-Usage: sign, encrypt
    Name-DN: C=DE, ST=Thueringen, L=Gera, O=Test, OU=Test, CN=J D, EMAIL=joergd at bitquell.de
    Name-Email: joergd at bitquell.de

Then I created a certificate from the request.

$ gpgsm --import CA-priv.crt
$ gpgsm --import joergd.crt

 
> Please run
>   LC_ALL=C gpg --with-keygrip --list-secret-keys
> (I assume gpg2 is installed as gpg.)

$ LC_ALL=C gpg --with-keygrip --list-secret-keys
gpg: invalid option "--with-keygrip"

$ LC_ALL=C gpg --version
gpg (GnuPG) 2.0.21
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

> Please run
>   LC_ALL=C gpgsm --with-keygrip --list-secret-keys

$ LC_ALL=C gpgsm --with-keygrip --list-secret-keys
gpgsm: invalid option "--with-keygrip"

Btw. the keygrips are in place (I think):

$ ls -1 ~/.gnupg/private-keys-v1.d/
719D81D0405AF65B1BEC322725CB23DCECE389C4.key
C080E663512A54C29D1D1108308AF44D28A0EBAE.key
F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2.key


-- 
Jörg Deckert


