problem signing with a smart card
Tzafrir Cohen
tzafrir at cohens.org.il
Thu Jan 21 09:54:19 CET 2016
On Thu, Jan 21, 2016 at 04:50:37PM +0900, NIIBE Yutaka wrote:
> On 01/21/2016 02:54 PM, Tzafrir Cohen wrote:
> > $ gpg2 --home $PWD --list-secret-keys
> > /home/tzafrir/gpgtest/secring.gpg
> > ---------------------------------
> > sec 4096R/19765111 2013-08-08 [expires: 2023-08-06]
> > uid Tzafrir Cohen <tzafrir at debian.org>
> > uid Tzafrir Cohen <tzafrir at cohens.org.il>
> > uid Tzafrir Cohen <tzafrir.cohen at xorcom.com>
> > ssb> 3072R/0325A0CE 2014-09-29
> > ssb> 3072R/AFFB7FAE 2014-09-29
> > ssb> 3072R/07DAF838 2014-09-29
> > ssb 2048R/BBB53C25 2016-01-21
> >
> > gpg2 --card-status shows keys matching to those three keys.
>
> In the above example, you have a primary key and four sub keys. How
> are three keys on your card? Please don't omit the output of gpg2
> --card-status. That's mostly important to answer your question(s).
>
> It seems that you would confuse the capability of OpenPGPcard. It has
> three key slots, but the usage is defined as: sign, decrypt, and
> authentication.
>
> When you store your private key to signing slot, you can sign.
> When you store your private key to decryption slot, you can decrypt.
> When you store your private key to authentication slot, you can
> authenticate (say, with SSH).
>
> I mean, you can only store a single signing key on your card.

Thanks. It seems I missed the obvious. The key on the card expired.
And indeed:

$ echo hi | faketime 'last year' /usr/bin/gpg --home $PWD --sign -a
# Works

So I guess I should just create new subkeys in the card.

Thanks for your reply.

--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
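
Added example, not part of the original thread: a check for the condition found above, a secret (sub)key that lives on a card and has passed its expiry date. It filters the output of `gpg2 --with-colons --list-secret-keys`; the function names, key IDs, card serial and timestamps are constructed for illustration, and the expiry field is assumed to be in epoch seconds.

```shell
#!/bin/sh
# Colon-format fields used (GnuPG doc/DETAILS):
#   1 record type (sec/ssb)   5 key ID   7 expiry, empty = never
#   12 capabilities   15 token serial ("#" = stub, "+" = secret on disk)

# Print "KEYID CAPS EXPIRY SERIAL" for each expired key held on a card.
# $1 is the reference time in epoch seconds, passed in so runs are repeatable.
expired_card_keys() {
    awk -F: -v now="$1" '
        # only secret primary keys and secret subkeys
        $1 != "sec" && $1 != "ssb" { next }
        # field 15 must carry a token serial number
        $15 == "" || $15 == "#" || $15 == "+" { next }
        # skip keys without a numeric expiry
        $7 !~ /^[0-9]+$/ { next }
        $7 + 0 <= now + 0 { print $5, $12, $7, $15 }
    '
}

# Constructed listing: offline primary key, three card subkeys (sign,
# encrypt, authenticate) and one expired signing subkey kept on disk.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAA01:1375920000:1691280000::u:::scESC:::#:
ssb:e:3072:1:AAAAAAAAAAAAAA02:1411948800:1443484800:::::s:::D2760001240102000000000000010000:
ssb:u:3072:1:AAAAAAAAAAAAAA03:1411948800::::::e:::D2760001240102000000000000010000:
ssb:u:3072:1:AAAAAAAAAAAAAA04:1411948800:1500000000:::::a:::D2760001240102000000000000010000:
ssb:e:2048:1:AAAAAAAAAAAAAA05:1411948800:1443484800:::::s:::+:
EOF
}

# Reference time 1453334400 is 2016-01-21 00:00 UTC (constructed).
sample_listing | expired_card_keys 1453334400
```

Against a real keyring, pipe `gpg2 --with-colons --list-secret-keys` into `expired_card_keys "$(date +%s)"`.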