Re: Second OpenPGP-card

2024-02-29 Thread Matthias Apitz
On Thursday, February 29, 2024 at 01:40:53 +0100, Ingo Klöcker wrote:

> "CCID L5" doesn't strike me as a sufficiently unique identifier for a key. If I
> add a (secondary) user ID "CCID L5" to my key and trick Matthias into
> importing it, won't pass start encrypting their passwords for my key?
> 
> My ~/.password-store/.gpg-id contains the fingerprint of my password
> encryption key.

Mine too now:

purism@pureos:~$ gpg --list-keys --fingerprint
/home/purism/.gnupg/pubring.kbx
---
pub   rsa2048 2021-10-30 [SC]
  336E B968 92FE 9FE7 F6AD  01D6 529B 7423 F360 8141
uid   [ultimate] Matthias Apitz (GnuPG CCID L5) 
sub   rsa2048 2021-10-30 [A]
sub   rsa2048 2021-10-30 [E]

purism@pureos:~$ cat .password-store/.gpg-id
336E B968 92FE 9FE7 F6AD  01D6 529B 7423 F360 8141

Thanks for this hint.

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.  Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Second OpenPGP-card

2024-02-29 Thread Ingo Klöcker
On Wednesday, 28 February 2024 17:30:21 CET Werner Koch via Gnupg-users wrote:
> On Wed, 28 Feb 2024 10:55, Matthias Apitz said:
> > purism@pureos:~$ cat .password-store/.gpg-id
> > CCID L5
> 
> Which means that it encrypts to  "CCID L5". pass parses this using
> 
> while read -r gpg_id; do
>     gpg_id="${gpg_id%%#*}" # strip comment
>     [[ -n $gpg_id ]] || continue
>     GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
>     GPG_RECIPIENTS+=( "$gpg_id" )
> done
> 
> The good thing with pass is that it is easy to read.

"CCID L5" doesn't strike me as a sufficiently unique identifier for a key. If I
add a (secondary) user ID "CCID L5" to my key and trick Matthias into
importing it, won't pass start encrypting their passwords for my key?

My ~/.password-store/.gpg-id contains the fingerprint of my password
encryption key.

Regards,
Ingo


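A small check for the ambiguity Ingo describes, added here as an example; it is not code from the thread, from pass or from GnuPG. It reads a `.gpg-id` file with the same `#`-comment stripping that the quoted pass loop uses, then classifies each recipient as a full fingerprint, a long key ID, or an ambiguous selector (a name, comment string or e-mail that gpg resolves by substring match, so a second key carrying the same user ID could be picked up). The function names and the sample file are my own; the fingerprint in the sample is the one Matthias posted, and the long key ID is its last 16 hex digits.

```shell
#!/bin/sh
# Classify one .gpg-id recipient entry (example code, not from pass).
#   fingerprint : 40 hex digits (v4 key) or 64 hex digits (v5 key), spaces allowed
#                 as "gpg --fingerprint" prints them
#   long-keyid  : 16 hex digits, optional 0x prefix
#   ambiguous   : anything else (user-ID text, e-mail, short key ID, empty)
classify_gpg_id() {
    # normalise: drop spaces and an optional 0x prefix so "336E B968 ..." matches
    entry=$(printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//')
    case "$entry" in
        ''|*[!0-9A-Fa-f]*) echo ambiguous; return ;;   # not purely hex
    esac
    case "${#entry}" in
        40|64) echo fingerprint ;;
        16)    echo long-keyid ;;
        *)     echo ambiguous ;;    # e.g. an 8-digit short key ID
    esac
}

# Read a .gpg-id file the way pass does (strip "#" comments, skip blank lines),
# print "<class><TAB><entry>" per recipient, and return 1 if any entry is not a
# fingerprint or long key ID, so the check can gate a commit hook or CI job.
check_gpg_id_file() {
    rc=0
    while IFS= read -r gpg_id || [ -n "$gpg_id" ]; do
        gpg_id="${gpg_id%%#*}"                                      # strip comment, as pass does
        gpg_id=$(printf '%s' "$gpg_id" | sed 's/[[:space:]]*$//')  # drop trailing whitespace
        [ -n "$gpg_id" ] || continue
        class=$(classify_gpg_id "$gpg_id")
        printf '%s\t%s\n' "$class" "$gpg_id"
        if [ "$class" = ambiguous ]; then rc=1; fi
    done < "$1"
    return "$rc"
}

# Constructed sample .gpg-id (hypothetical store): one entry like the one from
# the thread, the fingerprint Matthias posted, and that key's long key ID.
make_sample_gpg_id() {
    printf '%s\n' \
        '# recipients for this password store' \
        'CCID L5                      # user-ID substring: ambiguous' \
        '336E B968 92FE 9FE7 F6AD  01D6 529B 7423 F360 8141' \
        '0x529B7423F3608141           # long key ID of the same key' \
        > "$1"
}

main() {
    tmp=$(mktemp)
    make_sample_gpg_id "$tmp"
    if check_gpg_id_file "$tmp"; then
        echo "OK: every recipient is a fingerprint or long key ID"
    else
        echo "WARNING: ambiguous recipient(s) above; replace them with full fingerprints"
    fi
    rm -f "$tmp"
}

main
```

Run it against a real store with `check_gpg_id_file ~/.password-store/.gpg-id` (and against any per-directory `.gpg-id` files below it). The fingerprint to put in the file is the `fpr:` value gpg prints for your encryption key; a long key ID is accepted by the check because gpg treats it as an exact match, but the full fingerprint is the unambiguous choice.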


Re: Second OpenPGP-card

2024-02-29 Thread Werner Koch via Gnupg-users
On Wed, 28 Feb 2024 17:41, Jacob Bachmeyer said:

> As Werner mentioned, you can also have different .gpg-id files for
> different parts of your password store, if you wanted some passwords
> to only be available with certain smartcards.

FWIW: The C3S uses pass for their teams and meik wrote a script to
manage such a password store: https://github.com/C3S/passtore


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein




Re: Second OpenPGP-card

2024-02-29 Thread Werner Koch via Gnupg-users
On Wed, 28 Feb 2024 17:40, Jacob Bachmeyer said:

> Or even Windows, which remains disturbingly common in applications
> that probably need far less attack surface, like industrial control
> systems...  (Is the stupidity of management a main driver of Shamir's
> law?)

Often true but the real problem is software complexity.  Also:
developers are being paid for their work and thus they tend to keep
themselves in business by requiring software changes all the time.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

