On 08/11/2018 02:07, Guilhem Moulin wrote: > However that doesn't happen currently because I'm really worried about > copying real private key material to the initramfs along with the stubs; > GnuPG upstream was asked about a documented API to retrieve the stubs > but hasn't answered yet AFAIK. I'm not sure if the implementation > currently found in our branch would choke if the wrong smartcard is > inserted: I wasn't able to test this as I have only one token :-)
I have an idea on how to do this all more elegantly, but I haven't found the time to work it out yet. Please don't block on this when the current solution works for single reader, single smartcard cases. I don't know when I'll find the time, but I'll try something out and submit it as a patch. I can test with multiple test readers and cards and intend to do so. (For someone wondering: why do we need support for multiple card readers? Consider the situation where a laptop has a built-in smartcard reader but the user wishes to use a GnuK, which is a removable USB device, to unlock his partition instead. This user cannot remove the built-in smartcard reader.) Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature