[FEATURE REQ] Keygrips in --card-status (was: gpgsm --gen-key with key on smartcard)

Peter Lebbing peter at digitalbrains.com
Thu Mar 1 13:06:03 CET 2018

On 28/02/18 20:59, Werner Koch wrote:
> But that is about gpg and not about gpgsm.

Currently, it's not that easy to get the keygrip for an OpenPGP
smartcard key.

For keys for which the public part is available, it's:
$ gpg --card-status
Note desired KEYID
$ gpg --with-keygrip -k $KEYID
Find the KEYID in the certificate listed and see the keygrip below it.

I have smartcards with Auth keys that are not part of an OpenPGP
certificate. For these and other cases where the public part is not in
the keyring, it's more difficult to get the keygrip. Probably something
$ gpg-connect-agent 'keyinfo --list' /bye|grep 87061340
for my GnuK with serial FFFE 87061340.

So if --card-status would actually use the --with-keygrip option, it
would be much easier to look up the keygrip for an OpenPGP smartcard,
*especially* when the smartcard is not currently in use by gpg. Even
though the query is done by "gpg --card-status", it is more a feature
for OpenPGP smartcards regardless of whether they are used for OpenPGP keys.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180301/e0cb05ea/attachment.sig>

More information about the Gnupg-users mailing list