gpg --card-status
Felix E. Klee
felix.klee at inka.de
Tue Jan 2 23:06:59 CET 2024
On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee <felix.klee at inka.de> wrote:
> Example output with line numbers:
>
> 01 Reader ...........: Yubico YubiKey CCID 00 00
> 02 Application ID ...: D2760001240103040006186980150000
> 03 Application type .: OpenPGP
> 04 Version ..........: 3.4
> 05 Manufacturer .....: Yubico
> 06 Serial number ....: 18698015
> 07 Name of cardholder: [not set]
> 08 Language prefs ...: [not set]
> 09 Salutation .......:
> 10 URL of public key : [not set]
> 11 Login data .......: [not set]
> 12 Signature PIN ....: not forced
> 13 Key attributes ...: rsa4096 rsa4096 rsa4096
> 14 Max. PIN lengths .: 127 127 127
> 15 PIN retry counter : 3 0 3
> 16 Signature counter : 0
> 17 KDF setting ......: off
> 18 Signature key ....: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
> 19 created ....: 2023-06-29 03:50:43
> 20 Encryption key....: DBBD 3239 D0F1 4326 808D FC8F 7CC0 2D68 D2E3 1736
> 21 created ....: 2023-06-29 03:50:43
> 22 Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
> 23 created ....: 2023-06-29 03:50:43
> 24 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) <yubikey at f76.eu>
> 25 sec> rsa4096/1BE349D11B6ED589 created: 2023-06-29 expires: never
> 26 card-no: 0006 18698015
> 27 ssb> rsa4096/7CC02D68D2E31736 created: 2023-06-29 expires: never
> 28 card-no: 0006 18698015
> 29 ssb# rsa4096/32B106F6877CC64B created: 2023-11-22 expires: never

Thanks for all the input! My current state of knowledge is:

* Lines 18, 20, 22: Fingerprints identifying the secret keys stored on
  the card.

  A fingerprint is an SHA-1 hash of: corresponding public key + some
  meta data

  The fingerprints displayed on these lines are stored on the card.

* Lines 25, 27, 29: Information about availability of secret keys on
  the card.

  The numbers are long key IDs. A long key ID is the last 16
  characters of a fingerprint.

  The fingerprints displayed on these lines are generated from the
  public keys stored on disk.

  Here:

  - sec: Secret primary key
  - ssb: Secret sub key
  - >: Secret key is available on the card
  - #: Secret key is missing from the card

For a summary concerning how the fingerprints are calculated, I found:

https://blog.djoproject.net/2020/05/03/main-differences-between-a-gnupg-fingerprint-a-ssh-fingerprint-and-a-keygrip/

Please correct me where I’m wrong!
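
Added example (not part of the original post): the fingerprint and long key ID relationship described above, worked through in Python and assuming version 4 keys as specified in RFC 4880. The two card fingerprints are copied from lines 18 and 20 of the quoted output; the toy RSA modulus, exponent and timestamp are constructed values, since the post does not include the public key material.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_fingerprint(n: int, e: int, created: int) -> str:
    """SHA-1 over 0x99, a 2-byte body length, and the public key packet body."""
    # Body = version (4), creation time, algorithm id (1 = RSA), then the key MPIs.
    # The creation time is part of the hashed data, so it changes the fingerprint.
    body = struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """Long key ID = low-order 64 bits of the fingerprint (last 16 hex digits)."""
    hex_digits = "".join(fingerprint.split()).upper()
    if len(hex_digits) != 40:
        raise ValueError("expected a 160-bit (40 hex digit) v4 fingerprint")
    return hex_digits[-16:]


# Fingerprints as printed on lines 18 and 20 of the quoted output.
CARD_SIG_FPR = "7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589"
CARD_ENC_FPR = "DBBD 3239 D0F1 4326 808D FC8F 7CC0 2D68 D2E3 1736"

# Constructed toy key material (far too small for real use), for illustration only.
TOY_N, TOY_E, TOY_CREATED = 0xC5A3, 0x11, 1687996243

if __name__ == "__main__":
    # These match the key IDs shown on lines 25 and 27 of the quoted output.
    print(long_key_id(CARD_SIG_FPR))
    print(long_key_id(CARD_ENC_FPR))
    fpr = v4_rsa_fingerprint(TOY_N, TOY_E, TOY_CREATED)
    later = v4_rsa_fingerprint(TOY_N, TOY_E, TOY_CREATED + 1)
    print(fpr, long_key_id(fpr), "timestamp matters:", fpr != later)
```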