Different subkeys and the use of a SmartCard

Christopher Beck beckus at beckus.eu
Fri Dec 26 00:47:11 CET 2014 

On Sunday 21 December 2014 14:25:41 MFPA wrote:
> On Sunday 21 December 2014 at 12:16:26 AM, in
> 
> <mid:5679750.Eyp6YpnS5V at inno>, Hauke Laging wrote:
> > Am So 21.12.2014, 00:46:40 schrieb Christopher Beck:
> >> Second (and working for everything) was adding the
> >> line "local-user 0x11111111!' to the gpg.conf file!
> > 
> > Interesting idea.
> 
> Using two of those lines is how I am signing my messages using both
> an RSA and an EDDSA subkey.
> 
> > But I assume that leads to each (i.e.
> > not only those requested from 0x88888888) signature
> > being not replaced but being  extended by one from
> > 0x11111111.
> 
> If you ask for a signature from 0x88888888, GnuPG will sign with
> subkey 0x11111111 instead.
> 
> If you specify 0x88888888! (with the "!"), you get sigs from both
> 0x11111111 and 0x88888888.

Could that explain, why gpg didn't finish its singing process? As mentioned a 
few mails before, the primary secret key (0x11111111) is not available.

Now I downgraded everything to gnupg 2.0.26, dirmng 1.1.1 and gpgme 1.5.2, 
because there seems to be a bug [1] [2] and everything works well. I will set 
up a test box after the x-mas holidays to do further tries.

As Werner said

> > Sorry for this second mail, but it does not work well. It signs on the
> > commandline and everywhere, but using this configuration for mail clients,
> > they just stop sending the whole signated message... Well, I hope there
> > is a> 
> If the mail clients are using gpgme they have no way to specify the use
> of a specific subkey.
> 
> My tentative plan to change that and allow for a couple of other things
> is a new interface to set flags on a gpgme_key_t object and also to
> allow creation of such an object without the need for running a key
> listing first.

it might not be possible when using a gpme based mail client. I'll also check, 
how kmail invokes gnupg after the holidays.

This far, thank you very much!

[1]: https://bugs.archlinux.org/task/43173
[2]: https://bugs.g10code.com/gnupg/issue1793
-- 
Christopher Beck

Gerhart-Hauptmann-Str. 1
91058 Erlangen
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: beckus at jabber.org
EPVPN: (+49 221 59619) - 5232
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141226/1fc598e1/attachment.sig>

More information about the Gnupg-users mailing list