Hi,

On Thu, Jan 30, 2020 at 11:24:54PM +0100, mailing list via Gnupg-users wrote:
> How do you write to these objects? Can GnuPG do this? I didn't find any way with --card-edit or --card-status.

You can use the (undocumented) command "privatedo" from GnuPG's --card-edit menu. For example, to write into the private DO #1:

 $ gpg --card-edit
 gpg/card> privatedo 1
 Private DO data: [enter whatever value you want to store into the DO]

Or, to write the contents of a file into the private DO #2:

 $ gpg --card-edit
 gpg/card> privatedo 2 < [filename]


> And can GnuPG read these objects?

Yes. If a private DO contains a value, it will be listed in the output from the --card-status command.


> I read somewhere that the size of these objects is 2048 bytes each. How many of these objects exist on a smartcard?

First, note that private DOs are an optional feature of the OpenPGP smart card; not all implementations support them.

You can use the following command to check if an OpenPGP smart card supports private DOs:

 $ gpg-connect-agent 'SCD LEARN --force' /bye | grep EXTCAP
 S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0+si=5+dec=0+bt=1+kdf=1

Here, "pd=1" means the card does have private DOs. "pd=0" would indicate that private DOs are not supported.

When private DOs are supported, there are four of them. For cards compatible with versions 1.x or 2.x of the specification, they have a size of 254 bytes. For 3.x cards, the size of the private DOs is defined by the implementation (the OpenPGP smart card from FLOSS Shop [1] has indeed 2048-bytes private DOs).

Cheers,

- Damien


[1] https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3?c=40
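As an added example (not part of the reply above, and not GnuPG's own code), here is a small POSIX shell helper that parses the "S EXTCAP" line printed by `gpg-connect-agent 'SCD LEARN --force' /bye` and answers the "does this card have private DOs?" question without eyeballing the line. The SAMPLE_EXTCAP value is constructed from the line quoted in the reply; the function names (extcap_field, supports_private_do, card_extcap_line) are my own.

```bash
#!/bin/sh
# Added example: parse the scdaemon EXTCAP status line and check the "pd"
# (private DOs) flag. Function names are assumptions, not GnuPG commands.

# Constructed sample, copied from the EXTCAP line quoted in the thread.
SAMPLE_EXTCAP='S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0+si=5+dec=0+bt=1+kdf=1'

# extcap_field LINE KEY
#   Prints the value of KEY from a "S EXTCAP k=v+k=v+..." line.
#   The fields are separated by '+', so split on that and match "KEY=".
extcap_field() {
    line=$1
    key=$2
    printf '%s\n' "$line" \
        | sed -n 's/^S EXTCAP //p' \
        | tr '+' '\n' \
        | sed -n "s/^${key}=//p"
}

# supports_private_do LINE
#   Exit status 0 if the card reports pd=1, 1 otherwise (pd=0 or missing).
supports_private_do() {
    [ "$(extcap_field "$1" pd)" = "1" ]
}

# card_extcap_line
#   Query a real card through gpg-connect-agent (needs scdaemon and a card;
#   not run by default so the script stays usable offline).
card_extcap_line() {
    gpg-connect-agent 'SCD LEARN --force' /bye 2>/dev/null | grep '^S EXTCAP '
}

# Usage with a live card:
#   line=$(card_extcap_line)
#   if supports_private_do "$line"; then echo "private DOs available"; fi
```

Once pd=1 is confirmed, the privatedo command in `gpg --card-edit` shown above is the way to write a DO, and `--card-status` lists any DO that holds a value.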


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
