init gpg via smartcard
Alexander Kulbartsch
alexander at kulbartsch.de
Tue Jun 4 13:20:34 CEST 2024
Hi!
On Wednesday, 29 May 2024 16:14:52 CEST Henning Follmann wrote:
> Hello I do not know if this is possible or even makes sense.
The following makes total sense.
I assume you know how to do the steps you describe; if not, please ask. I'll just add some comments.
> So an initial setup including a smartcard is like this:
>
> - generate key pair
> - add sub keys - encrypt, sign, auth
> - move the private part of sub keys to smartcard
> - publish public key to keyserver
- To make it perfect, put the URL to the key on the card.
  In case of WKD you can get the URL using
    % gpg-wks-client --print-wkd-url <EMAIL>
  (this returns the most complete version, you probably want to reduce this.)
  Adding the URL on the card:
    % gpg --card-edit
    gpg/card> admin
    gpg/card> url
    (enter the url)
    gpg/card> quit
> - take the master key offline
>
>
> I want to use the smartcard to initialize gpg on a different
> computer:
> - plug in smartcard
> - fetch the public keys from keyserver
    % gpg --card-edit
    gpg/card> fetch
    gpg/card> quit
> - validate the public keys with the keys on smartcard
You see if the card matches the fetched key.
> - add the stubs for the smartcard keys to my keychain
The stub will be automatically generated.
> Is there a tool like this?
To do all of the above automatically? Not that I am aware of.
You might want to write a script. ;)
Alexander
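
One way to script the "validate the public keys with the keys on smartcard" step from the thread, as an added example that is not part of the original message: it compares the three slot fingerprints in the card's `fpr` record with the fingerprints in the key listing. The function names and the sample records (placeholder fingerprints, other records omitted) are constructed; the parsing assumes the `fpr` record layouts of gpg's `--with-colons` output.

```shell
#!/bin/sh
# Constructed sample records (placeholder fingerprints, abbreviated listing).
SAMPLE_CARD='fpr:1111111111111111111111111111111111111111:2222222222222222222222222222222222222222:3333333333333333333333333333333333333333:'
SAMPLE_KEYS='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:u:255:22:1111111111111111:1700000000::::::s:
fpr:::::::::1111111111111111111111111111111111111111:
sub:u:255:18:2222222222222222:1700000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
sub:u:255:22:3333333333333333:1700000000::::::a:
fpr:::::::::3333333333333333333333333333333333333333:'

# Fingerprints of the card's sign, encrypt and auth slots (fields 2-4 of the
# card's fpr record). Reads card-status colon output on stdin; skips empty slots.
card_fprs() {
    awk -F: '$1 == "fpr" { for (i = 2; i <= 4; i++) if ($i != "") print $i }'
}

# Fingerprints of primary keys and subkeys (field 10 of fpr records in a key listing).
keyring_fprs() {
    awk -F: '$1 == "fpr" && $10 != "" { print $10 }'
}

# $1 = card status text, $2 = key listing text.
# Prints every card fingerprint that is absent from the listing.
# Status: 0 = all card keys found, 1 = at least one missing, 2 = card holds no keys.
missing_card_keys() {
    on_card=$(printf '%s\n' "$1" | card_fprs)
    [ -n "$on_card" ] || return 2
    known=$(printf '%s\n' "$2" | keyring_fprs)
    missing=0
    for fpr in $on_card; do
        if ! printf '%s\n' "$known" | grep -qxF "$fpr"; then
            printf '%s\n' "$fpr"
            missing=1
        fi
    done
    return "$missing"
}

# Live check, to be run after "fetch" in gpg --card-edit (not called here).
check_inserted_card() {
    missing_card_keys "$(gpg --card-status --with-colons)" \
                      "$(gpg --with-colons --list-keys)"
}
```

`check_inserted_card` matches against the whole public keyring, so a zero status means the card's keys are known locally, not that they belong to one particular primary key.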