On Sun, 13 Feb 2011 01:41, k...@grant-olson.net said:

> Thirdly, the SCUTE docs start by generating a certificate request from
> your OpenPGP authentication key. In this scenario, are you just using
> the Same RSA key for both your OpenPGP and X509 certificates? Does the

Yes, it is possible to create a CSR from an existing key. If you run

  gpgsm --gen-key

you see

  Please select what kind of key you want:
     (1) RSA
     (2) Existing key
     (3) Existing key from card
  Your selection? 2
  Enter the keygrip:

With GnuPG 2.1 you may now easily use any existing key, run

  gpg[sm] --with-keygrip -K

to get the keygrip. The keygrip is also used as the name of the file
holding the key at private-keys-v1.d/.

IIRC, Scute does exactly this. I have not looked at Scute for a long
time thus you better check yourself.

> certificate imported into gpgsm just contain the public key and the CA's
> signature and somehow defer operations to the card?

Yes, you have to run

  gpgsm --learn-card

first so that the agent knows what public keys are stored on the card.
The certificates on the cards are in general not necessary. If the card
contains X.509 certificates, gpgsm --learn-card will import them for
future use. Scute usually fetches the certificates via gpgsm but will
also take care of the certificates stored on the card.

This clearly needs more documentation.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
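
The keygrip lookup described in the message above, as an added example that is not part of the original message or of GnuPG: it parses `gpg --with-colons --with-keygrip -K` output to find the authentication subkey's keygrip (the value for the `Enter the keygrip:` prompt) and the matching file under private-keys-v1.d/. The sample listing, key IDs and card serial number are constructed; the field positions and the `.key` file suffix are assumptions taken from GnuPG's colon listing format and 2.1 behaviour, not from the message.

```python
import re

KEYGRIP_RE = re.compile(r"^[0-9A-F]{40}$")
GRIPS = ["A1" * 20, "B2" * 20, "C3" * 20]  # constructed keygrips, not real keys

# Constructed sample of `gpg --with-colons --with-keygrip -K` output.
SAMPLE = "\n".join([
    "sec:u:2048:1:AAAAAAAAAAAAAAAA:1297555200:::u:::scESC:::+:::23::0:",
    "grp:::::::::" + GRIPS[0] + ":",
    "uid:u::::1297555200::::Constructed User <user@example.org>:",
    "ssb:u:2048:1:BBBBBBBBBBBBBBBB:1297555200::::::e:::+:::23:",
    "grp:::::::::" + GRIPS[1] + ":",
    "ssb:u:2048:1:CCCCCCCCCCCCCCCC:1297555200::::::a:::D2760001240102000005000012340000:::23:",
    "grp:::::::::" + GRIPS[2] + ":",
])


def list_keygrips(colons_output):
    """Return one dict per secret (sub)key: key ID, capabilities, keygrip, storage."""
    keys, current = [], None
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            f += [""] * (15 - len(f))  # tolerate short records
            current = {
                "keyid": f[4],
                # field 12: lowercase letters are this key's own capabilities
                "caps": "".join(c for c in f[11] if c.islower()),
                # field 15: '+' secret key on disk, '#' stub, else a card serial number
                "on_card": f[14] not in ("", "+", "#"),
                "keygrip": None,
            }
            keys.append(current)
        elif f[0] == "grp" and current is not None and current["keygrip"] is None:
            grip = f[9] if len(f) > 9 else ""
            if not KEYGRIP_RE.match(grip):
                raise ValueError("malformed grp record: " + line)
            current["keygrip"] = grip
            # the keygrip names the private key file (GnuPG 2.1 adds ".key")
            current["key_file"] = "private-keys-v1.d/" + grip + ".key"
    return keys


def auth_keygrip(keys):
    """Keygrip of the first key with the authentication ('a') capability, or None."""
    for key in keys:
        if "a" in key["caps"] and key["keygrip"]:
            return key["keygrip"]
    return None


if __name__ == "__main__":
    for key in list_keygrips(SAMPLE):
        where = "card" if key["on_card"] else key.get("key_file")
        print(key["keyid"], key["caps"], key["keygrip"], where)
    print("enter at 'Enter the keygrip:' ->", auth_keygrip(list_keygrips(SAMPLE)))
```
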