Re: gpgsm --gen-key with key on smartcard

[Werner Koch]

On Wed, 28 Feb 2018 16:30, thomas.jaro...@intra2net.com said:

> what do you think about Peter's idea:
>
> $ gpg --with-keygrip --card-status

If you use that with --with-colons you can also script this.

But that is about gpg and not about gpgsm.  gpgsm has no external card
interface because the expected use case is that pre-presonalized cards
are used for X.509.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpPti8yjxDWD.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpgsm --gen-key with key on smartcard

[Thomas Jarosch]

On Wednesday, 28 February 2018 14:50:39 CET Werner Koch wrote:
> If you need this information a small tool to present an enhanced menu
> could be written.  That tool would then utilize gpgsm and gpg.  GPA
> might be a candidate to implement this.

what do you think about Peter's idea:

$ gpg --with-keygrip --card-status


to show key ID -> keygrip mapping?

Or is that not easily possible protocol wise?
(I have zero knowledge about the keygrip stuff)

Cheers,
Thomas




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpgsm --gen-key with key on smartcard

[Werner Koch]

On Wed, 28 Feb 2018 10:56, thomas.jaro...@intra2net.com said:

> When using a smartcard, what about showing the openpgp key IDs
> in the "Available keys" menu?

gpgsm does and shall not know anything about OpenPGP.  Thus it can't
display OpenPGP information.  In theory we could display the fingerprint
of the OpenPGP card because they are stored along with the key on the
OpenPGP card - however, that would only work for the OpenPGP card and
not for any other card which is supported by gpgsm.

If you need this information a small tool to present an enhanced menu
could be written.  That tool would then utilize gpgsm and gpg.  GPA
might be a candidate to implement this.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpgp6gCtilrW.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpgsm --gen-key with key on smartcard

[Peter Lebbing]

On 28/02/18 10:56, Thomas Jarosch wrote:
> When using a smartcard, what about showing the openpgp key IDs
> in the "Available keys" menu?

I don't think that's possible: keygrips are "protocol" agnostic, but key
IDs are not. So while the keygrip is the same for S/MIME and OpenPGP,
key ID's are inherently an OpenPGP thing. It doesn't make sense to
select a "key ID" for an S/MIME key. That's what I mean by protocol here.

My suggestion would be that

$ gpg --with-keygrip --card-status

would include keygrips in the output (it doesn't do that currently).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpgsm --gen-key with key on smartcard

[Dirk Gottschalk via Gnupg-users]

Hi.

Am Mittwoch, den 28.02.2018, 10:56 +0100 schrieb Thomas Jarosch:
> To me it seems it shows the 'keygrip' instead of the smartcard key
> IDs?

Yes, that's correct.


> When using a smartcard, what about showing the openpgp key IDs
> in the "Available keys" menu?

I think this is not neccessary, since you can see the keygrip using
"gpg2 -K --with-Keygrip".

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen
Tel.: +49 1573 1152350

signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users