Re: gpg --card-status

2024-01-02 Thread Felix E. Klee
On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee wrote:
> Example output with line numbers:
>
> 01 Reader ...: Yubico YubiKey CCID 00 00
> 02 Application ID ...: D276000124010304000618698015
> 03 Application type .: OpenPGP
> 04 Version ..: 3.4
> 05 Manufacturer .: Yubico
> 06 Serial number : 18698015
> 07 Name of cardholder: [not set]
> 08 Language prefs ...: [not set]
> 09 Salutation ...:
> 10 URL of public key : [not set]
> 11 Login data ...: [not set]
> 12 Signature PIN : not forced
> 13 Key attributes ...: rsa4096 rsa4096 rsa4096
> 14 Max. PIN lengths .: 127 127 127
> 15 PIN retry counter : 3 0 3
> 16 Signature counter : 0
> 17 KDF setting ..: off
> 18 Signature key : 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
> 19   created : 2023-06-29 03:50:43
> 20 Encryption key: DBBD 3239 D0F1 4326 808D  FC8F 7CC0 2D68 D2E3 1736
> 21   created : 2023-06-29 03:50:43
> 22 Authentication key: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
> 23   created : 2023-06-29 03:50:43
> 24 General key info..: pub  rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey)
> 25 sec>  rsa4096/1BE349D11B6ED589  created: 2023-06-29  expires: never
> 26 card-no: 0006 18698015
> 27 ssb>  rsa4096/7CC02D68D2E31736  created: 2023-06-29  expires: never
> 28 card-no: 0006 18698015
> 29 ssb#  rsa4096/32B106F6877CC64B  created: 2023-11-22  expires: never

Thanks for all the input! My current state of knowledge is:

  * Lines 18, 20, 22: Fingerprints identifying the secret keys stored on
    the card.

    A fingerprint is an SHA-1 hash of: corresponding public key + some
    metadata

    The fingerprints displayed on these lines are stored on the card.

  * Lines 25, 27, 29: Information about availability of secret keys on
    the card.

    The numbers are long key IDs. A long key ID is the last 16
    characters of a fingerprint.

    The fingerprints displayed on these lines are generated from the
    public keys stored on disk.

    Here:

      - sec: Secret primary key

      - ssb: Secret sub key

      - >: Secret key is available on the card

      - #: Secret key is missing from the card

For a summary concerning how the fingerprints are calculated, I found:

https://blog.djoproject.net/2020/05/03/main-differences-between-a-gnupg-fingerprint-a-ssh-fingerprint-and-a-keygrip/

Please correct me where I’m wrong!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
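
How a version 4 OpenPGP fingerprint and long key ID are derived, as an added example that is not part of the original post. It follows RFC 4880 section 12.2 for an RSA key; the modulus, exponent and creation time are constructed toy values, not a real key, and the function names are hypothetical.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def v4_rsa_fingerprint(n: int, e: int, created: int) -> str:
    # Packet body: the metadata (version 4, creation time, algorithm 1 = RSA)
    # followed by the public key material (modulus n, exponent e).
    body = struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)
    # SHA-1 over the octet 0x99, the 2-byte body length, and the body itself.
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """Last 16 hex characters (low 64 bits) of a fingerprint; spaces ignored."""
    return "".join(fingerprint.split()).upper()[-16:]


# Constructed toy values (far too small to be a usable RSA key).
N = (2**127 - 1) * (2**89 - 1)
E = 65537
CREATED = 1688010643  # constructed creation time, seconds since the epoch

if __name__ == "__main__":
    fp = v4_rsa_fingerprint(N, E, CREATED)
    print("fingerprint      :", fp)
    print("long key ID      :", long_key_id(fp))
    # Same key material, creation time one second later: different fingerprint.
    print("created + 1 sec  :", v4_rsa_fingerprint(N, E, CREATED + 1))
    # Fingerprint from line 18 of the quoted output -> key ID shown on line 25.
    print(long_key_id("7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589"))
```

Because the creation time is hashed together with the key material, the same key pair imported with a different timestamp gets a different fingerprint and key ID.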


Re: gpg --card-status

2024-01-02 Thread Matthias Apitz
On Monday, January 01, 2024 at 09:10:01 PM +0100, Ingo Klöcker wrote:

> On Monday, 1 January 2024 20:33:28 CET Matthias Apitz wrote:
> > It seems from the man page that only '#' is documented:
> 
> Must be an older version. The manual page of GnuPG 2.4.3 reads:

You are correct:

$ gpg --version | grep ^gpg
gpg (GnuPG) 1.4.23
$ man gpg | col -b | grep -A5 -- -K
   -K List all keys from the secret keyrings, or just the ones given
  on the command line. A # after the letters sec means that the
  secret key is not usable (for example, if it was created via
  --export-secret-subkeys).


$ gpg2 --version | grep ^gpg
gpg (GnuPG) 2.4.3
$ man gpg2 | col -b | grep -A5 -- -K
   -K List the specified secret keys.  If no keys are specified, then
  all known secret keys are listed.  A # after the initial tags
  sec or ssb means that the secret key or subkey is currently not
  usable.  We also say that this key has been taken offline (for
  example, a primary key can be taken offline by exporting the key
  using the command --export-secret-subkeys).  A > after these
  ...

Thanks

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.



Re: gpg --card-status

2024-01-01 Thread Matthias Apitz
On Sunday, December 31, 2023 at 05:34:42 PM +0100, Ingo Klöcker wrote:

> On Saturday, 30 December 2023 23:30:39 CET Felix E. Klee wrote:
> > Line 25: “sec>” means secret primary key. Where does the key ID come
> > from? Is it read from the card? Or it read from the public key ring on
> > disk?
> > 
> > Line 27: “ssb>” means secret sub key.
> > 
> > Line 29: “ssb#” means secret sub key, but without the matching secret
> > key on the card. This I just learned from Ingo Klöcker in another
> > thread.
> 
> The meaning of ">" and "#" is documented in the description of the command
> `--list-secret-keys` in the manual page of gpg.
> 
> Regards,
> Ingo

It seems from the man page that only '#' is documented:

man gpg
...
   --list-secret-keys

   -K List all keys from the secret keyrings, or just the ones given
  on the command line. A # after the letters sec means that the
  secret key is not usable (for example, if it was created via
  --export-secret-subkeys).

What does '>' mean?

Thanks

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.



Re: gpg --card-status

2024-01-01 Thread Ingo Klöcker
On Monday, 1 January 2024 20:33:28 CET Matthias Apitz wrote:
> It seems from the man page that only '#' is documented:

Must be an older version. The manual page of GnuPG 2.4.3 reads:

   -K List the specified secret keys.  If no keys are specified, then
      all known secret keys are listed.  A # after the initial tags
      sec or ssb means that the secret key or subkey is currently not
      usable.  We also say that this key has been taken offline (for
      example, a primary key can be taken offline by exporting the key
      using the command --export-secret-subkeys).  A > after these
      tags indicate that the key is stored on a smartcard.  See also
      --list-keys.

Regards,
Ingo
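
The `>` and `#` markers described in the manual page, read back out of the `--card-status` output quoted earlier in this thread (added example, not part of the original message). `parse_card_status` and its regular expressions are hypothetical helpers; the sample is that quoted output with the line numbers removed and wrapped lines rejoined.

```python
import re

# Sample: lines 18-29 of the output quoted in this thread.
SAMPLE = """\
Signature key : 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
Encryption key: DBBD 3239 D0F1 4326 808D  FC8F 7CC0 2D68 D2E3 1736
Authentication key: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
sec>  rsa4096/1BE349D11B6ED589  created: 2023-06-29  expires: never
card-no: 0006 18698015
ssb>  rsa4096/7CC02D68D2E31736  created: 2023-06-29  expires: never
card-no: 0006 18698015
ssb#  rsa4096/32B106F6877CC64B  created: 2023-11-22  expires: never
"""

SLOT_RE = re.compile(
    r"^\s*(Signature|Encryption|Authentication) key[ .]*:\s*([0-9A-Fa-f ]{40,})$")
KEY_RE = re.compile(r"^\s*(sec|ssb)([#>]?)\s+\w+/([0-9A-Fa-f]{16})\b")
CARD_RE = re.compile(r"^\s*card-no:\s*(.+?)\s*$")

# Marker after sec/ssb, as described in the GnuPG 2.4.3 manual page text.
MARKERS = {">": "on smartcard", "#": "offline (not usable)", "": "on disk"}


def parse_card_status(text):
    slots = {}  # long key ID -> card slots whose stored fingerprint ends in it
    keys = []
    for line in text.splitlines():
        if m := SLOT_RE.match(line):
            key_id = m.group(2).replace(" ", "").upper()[-16:]
            slots.setdefault(key_id, []).append(m.group(1))
        elif m := KEY_RE.match(line):
            keys.append({"tag": m.group(1), "key_id": m.group(3).upper(),
                         "state": MARKERS[m.group(2)], "card_no": None})
        elif (m := CARD_RE.match(line)) and keys:
            keys[-1]["card_no"] = m.group(1)  # belongs to the preceding key
    for key in keys:
        key["slots"] = slots.get(key["key_id"], [])
    return keys


if __name__ == "__main__":
    for key in parse_card_status(SAMPLE):
        print(key["tag"], key["key_id"], key["state"],
              key["card_no"] or "-", ",".join(key["slots"]) or "no card slot")
```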




Re: gpg --card-status

2023-12-31 Thread Ingo Klöcker
On Saturday, 30 December 2023 23:30:39 CET Felix E. Klee wrote:
> Line 25: “sec>” means secret primary key. Where does the key ID come
> from? Is it read from the card? Or it read from the public key ring on
> disk?
> 
> Line 27: “ssb>” means secret sub key.
> 
> Line 29: “ssb#” means secret sub key, but without the matching secret
> key on the card. This I just learned from Ingo Klöcker in another
> thread.

The meaning of ">" and "#" is documented in the description of the command
`--list-secret-keys` in the manual page of gpg.

Regards,
Ingo





Re: gpg --card-status fails with Yubikey 5 under MSYS2

2021-02-23 Thread Werner Koch via Gnupg-users
On Tue, 23 Feb 2021 18:47, Doug Richardson said:
> Under MSYS2, gpg --card-status fails with the following when trying to

GnuPG is not intended to be built under MSYS.  You need to cross-build
from a real POSIX system using mingw.  All other ways to build it are
not supported and are strongly discouraged.  Sorry.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

