Multiple Smartcards - Signing

Matthew Monaco matt at monaco.cx
Sun May 3 21:29:17 CEST 2015


On 05/03/2015 09:29 AM, Werner Koch wrote:
> On Sat,  2 May 2015 18:29, matt at monaco.cx said:
> 
>> smartcard. This doesn't appear to be the case, however I may have broken it by
>> getting fancy: I moved my .key files to <alg><bits>-CAPS-8charkeyid-comment
>> (e.g. rsa2048-E-DDEC74FE-revoked) and then symlinked <keygrip>.key.
> 
> Better don't do that.  That may break when changing the passphrase.
> 

Thanks, I'll keep my eye out for issues. All of my .key files are shadow copies
for smartcards anyway so pw change is not an issue.

What about updating shadow copies? It looks like when scdaemon starts, they're
automatically created for new keys observed on the card. Is it a security risk
to update the shadow copies (e.g., blindly overwrite) every time scdaemon
starts? It's not as though I ever explicitly configured the keygrip -> card.

Or, would it be a risk or otherwise problematic to have the shadow copy contain
a list of cards?
