Re: gpg --card-status
On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee wrote:
> Example output with line numbers:
>
> 01 Reader ...: Yubico YubiKey CCID 00 00
> 02 Application ID ...: D276000124010304000618698015
> 03 Application type .: OpenPGP
> 04 Version ..: 3.4
> 05 Manufacturer .: Yubico
> 06 Serial number : 18698015
> 07 Name of cardholder: [not set]
> 08 Language prefs ...: [not set]
> 09 Salutation ...:
> 10 URL of public key : [not set]
> 11 Login data ...: [not set]
> 12 Signature PIN : not forced
> 13 Key attributes ...: rsa4096 rsa4096 rsa4096
> 14 Max. PIN lengths .: 127 127 127
> 15 PIN retry counter : 3 0 3
> 16 Signature counter : 0
> 17 KDF setting ..: off
> 18 Signature key : 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
> 19 created : 2023-06-29 03:50:43
> 20 Encryption key: DBBD 3239 D0F1 4326 808D FC8F 7CC0 2D68 D2E3 1736
> 21 created : 2023-06-29 03:50:43
> 22 Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
> 23 created : 2023-06-29 03:50:43
> 24 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey)
> 25 sec> rsa4096/1BE349D11B6ED589 created: 2023-06-29 expires: never
> 26 card-no: 0006 18698015
> 27 ssb> rsa4096/7CC02D68D2E31736 created: 2023-06-29 expires: never
> 28 card-no: 0006 18698015
> 29 ssb# rsa4096/32B106F6877CC64B created: 2023-11-22 expires: never

Thanks for all the input! My current state of knowledge is:

* Lines 18, 20, 22: Fingerprints identifying the secret keys stored on
  the card. A fingerprint is an SHA-1 hash of:

      corresponding public key + some meta data

  The fingerprints displayed on these lines are stored on the card.

* Lines 25, 27, 29: Information about availability of secret keys on
  the card. The numbers are long key IDs. A long key ID is the last 16
  characters of a fingerprint. The fingerprints displayed on these
  lines are generated from the public keys stored on disk. Here:

  - sec: Secret primary key
  - ssb: Secret sub key
  - >: Secret key is available on the card
  - #: Secret key is missing from the card

For a summary concerning how the fingerprints are calculated, I found:

https://blog.djoproject.net/2020/05/03/main-differences-between-a-gnupg-fingerprint-a-ssh-fingerprint-and-a-keygrip/

Please correct me where I’m wrong!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
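The correspondence described in the summary above, as an added example that is not part of the original post or of GnuPG: it derives the long key ID from each card-slot fingerprint and matches it against the `sec`/`ssb` lines, using the marker meanings from the GnuPG 2.4.3 manual text quoted in this thread. The sample input is constructed from the output quoted in the post (line numbers removed); the function names and the "no marker" label are assumptions.

```python
import re

# Constructed sample: relevant lines of the output quoted in this thread.
SAMPLE = """\
Signature key : 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
Encryption key: DBBD 3239 D0F1 4326 808D FC8F 7CC0 2D68 D2E3 1736
Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589
General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey)
sec> rsa4096/1BE349D11B6ED589 created: 2023-06-29 expires: never
ssb> rsa4096/7CC02D68D2E31736 created: 2023-06-29 expires: never
ssb# rsa4096/32B106F6877CC64B created: 2023-11-22 expires: never
"""

# Marker meanings as worded in the GnuPG 2.4.3 manual text quoted in the thread.
MARKERS = {">": "stored on a smartcard", "#": "currently not usable (offline)", "": "no marker"}

SLOT_RE = re.compile(r"^(Signature|Encryption|Authentication) key\s*\.*\s*:\s*([0-9A-Fa-f ]+)$")
KEY_RE = re.compile(r"^\s*(sec|ssb)([>#]?)\s+(\w+)/([0-9A-Fa-f]{16})\b")

def long_key_id(fingerprint: str) -> str:
    """Long key ID = last 16 hex digits of a 40-hex-digit fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40 or not re.fullmatch(r"[0-9A-F]+", fpr):
        raise ValueError(f"not a 40-hex-digit fingerprint: {fingerprint!r}")
    return fpr[-16:]

def parse_card_status(text: str):
    """Return (card slot -> long key ID, list of sec/ssb listing entries)."""
    slots, keys = {}, []
    for line in text.splitlines():
        if m := SLOT_RE.match(line):
            slots[m.group(1)] = long_key_id(m.group(2))
        elif m := KEY_RE.match(line):
            tag, marker, algo, keyid = m.groups()
            keys.append({"tag": tag, "marker": marker, "algo": algo, "keyid": keyid.upper()})
    return slots, keys

def report(text: str):
    """For each listed secret key: tag+marker, key ID, meaning, matching card slots."""
    slots, keys = parse_card_status(text)
    rows = []
    for k in keys:
        in_slots = sorted(s for s, kid in slots.items() if kid == k["keyid"])
        rows.append((k["tag"] + k["marker"], k["keyid"], MARKERS[k["marker"]], in_slots))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```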
Re: gpg --card-status
On Monday, January 01, 2024 at 09:10:01 PM +0100, Ingo Klöcker wrote:
> On Monday, 1 January 2024 20:33:28 CET Matthias Apitz wrote:
> > It seems from the man page that only '#' is documented:
>
> Must be an older version. The manual page of GnuPG 2.4.3 reads:

You are correct:

$ gpg --version | grep ^gpg
gpg (GnuPG) 1.4.23
$ man gpg | col -b | grep -A5 -- -K
       -K     List all keys from the secret keyrings, or just the ones
              given on the command line. A # after the letters sec means
              that the secret key is not usable (for example, if it was
              created via --export-secret-subkeys).
$ gpg2 --version | grep ^gpg
gpg (GnuPG) 2.4.3
$ man gpg2 | col -b | grep -A5 -- -K
       -K     List the specified secret keys. If no keys are specified,
              then all known secret keys are listed. A # after the
              initial tags sec or ssb means that the secret key or subkey
              is currently not usable. We also say that this key has been
              taken offline (for example, a primary key can be taken
              offline by exporting the key using the command
              --export-secret-subkeys). A > after these
...

Thanks

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
Re: gpg --card-status
On Sunday, December 31, 2023 at 05:34:42 PM +0100, Ingo Klöcker wrote:
> On Saturday, 30 December 2023 23:30:39 CET Felix E. Klee wrote:
> > Line 25: “sec>” means secret primary key. Where does the key ID come
> > from? Is it read from the card? Or is it read from the public key ring on
> > disk?
> >
> > Line 27: “ssb>” means secret sub key.
> >
> > Line 29: “ssb#” means secret sub key, but without the matching secret
> > key on the card. This I just learned from Ingo Klöcker in another
> > thread.
>
> The meaning of ">" and "#" is documented in the description of the command
> `--list-secret-keys` in the manual page of gpg.
>
> Regards,
> Ingo

It seems from the man page that only '#' is documented:

man gpg
...
       --list-secret-keys
       -K     List all keys from the secret keyrings, or just the ones
              given on the command line. A # after the letters sec means
              that the secret key is not usable (for example, if it was
              created via --export-secret-subkeys).

What does '>' mean?

Thanks

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
Re: gpg --card-status
On Monday, 1 January 2024 20:33:28 CET Matthias Apitz wrote:
> It seems from the man page that only '#' is documented:

Must be an older version. The manual page of GnuPG 2.4.3 reads:

       -K     List the specified secret keys. If no keys are specified,
              then all known secret keys are listed. A # after the
              initial tags sec or ssb means that the secret key or subkey
              is currently not usable. We also say that this key has been
              taken offline (for example, a primary key can be taken
              offline by exporting the key using the command
              --export-secret-subkeys). A > after these tags indicate
              that the key is stored on a smartcard. See also
              --list-keys.

Regards,
Ingo
Re: gpg --card-status
On Saturday, 30 December 2023 23:30:39 CET Felix E. Klee wrote:
> Line 25: “sec>” means secret primary key. Where does the key ID come
> from? Is it read from the card? Or is it read from the public key ring on
> disk?
>
> Line 27: “ssb>” means secret sub key.
>
> Line 29: “ssb#” means secret sub key, but without the matching secret
> key on the card. This I just learned from Ingo Klöcker in another
> thread.

The meaning of ">" and "#" is documented in the description of the command
`--list-secret-keys` in the manual page of gpg.

Regards,
Ingo
Re: gpg --card-status fails with Yubikey 5 under MSYS2
On Tue, 23 Feb 2021 18:47, Doug Richardson said:
> Under MSYS2, gpg --card-status fails with the following when trying to

GnuPG is not intended to be built under MSYS. You need to cross-build
from a real POSIX system using mingw. All other ways to build it are not
supported and are strongly discouraged. Sorry.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.