Why injecting the same RSA keys into different smartcards leads to different key IDs

Alireza Sadeghpour alireza0101sadeghpour at gmail.com
Sat Mar 12 10:19:27 CET 2022


I've injected the same RSA keys into two different smartcards using
pkcs11-tool, but when I import them into gpg I get different key IDs. With
this behavior, a critical problem arises in the scenario below:

Consider that I've generated an RSA key pair to sign and verify patches of a
product, backed it up in a safe environment, and injected it into
smartcard#1. Then I imported the smartcard-resident keys into gpg. In the
product, I use the corresponding public key to verify the product patches.

If something goes wrong with smartcard#1, I expect to inject the backed-up
keys into smartcard#2 and use it to sign patches of the product. However, if
I import the smartcard#2 keys into gpg, it leads to different key IDs
compared to smartcard#1, and as a result the product couldn't verify
the patch because the key IDs are different.

Is there any workaround for this problem?
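
An added example, not part of the original message: an OpenPGP v4 key ID is the low 64 bits of a SHA-1 fingerprint computed over the public-key packet, which contains the key's creation time as well as the RSA modulus and exponent (RFC 4880, section 12.2). The sketch below computes it for one RSA public key under two creation times; the modulus and both timestamps are constructed values, and it is an assumption that the two card imports described above recorded different creation times.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def v4_rsa_fingerprint(n: int, e: int, created: int) -> bytes:
    """SHA-1 over 0x99, 2-byte body length, and the v4 public-key packet body."""
    body = (
        b"\x04"                       # packet version 4
        + struct.pack(">I", created)  # creation time, seconds since the epoch
        + b"\x01"                     # public-key algorithm 1 = RSA
        + mpi(n)
        + mpi(e)
    )
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fingerprint: bytes) -> str:
    """Long key ID: the low-order 64 bits of the fingerprint."""
    return fingerprint[-8:].hex().upper()

# Constructed 2048-bit odd integer standing in for an RSA modulus (not a real key).
N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 8, "big")
N |= (1 << 2047) | 1
E = 65537

# Constructed creation times, one day apart, standing in for the two imports.
CREATED_CARD_1 = 1640995200
CREATED_CARD_2 = 1641081600

def compare_key_ids():
    """Return the key IDs for the same (N, E) under the two creation times."""
    id1 = key_id(v4_rsa_fingerprint(N, E, CREATED_CARD_1))
    id2 = key_id(v4_rsa_fingerprint(N, E, CREATED_CARD_2))
    return id1, id2

if __name__ == "__main__":
    id1, id2 = compare_key_ids()
    print("card 1 key ID:", id1)
    print("card 2 key ID:", id2)
    print("same key material, same key ID?", id1 == id2)
```

With identical key material, the key ID matches only when the creation time in the public-key packet is also identical.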