On Fri, Jan 31, 2020 at 12:39:11AM +0100, mailing list wrote:
> By the way, is mcl3 the length of the key currently living on the smartcard or the maximum key length supported by this card?
Neither of those. It's the maximum length of the "Cardholder certificate DO". This is another data object available on an OpenPGP smart card, intended to store an X.509 certificate.
You can write to that DO using the (undocumented) writecert command. For example, assuming the cert.der file contains a DER-encoded X.509 certificate:

  $ gpg --card-edit
  gpg/card> writecert 3 < cert.der

GnuPG allows writing into that DO but does not actually use it. As far as I know, the only component that makes use of the Cardholder certificate DO is Scute [1], for TLS client authentication (and even for that the DO is actually dispensable: if Scute does not find the desired certificate in that DO, it will obtain it from GpgSM).
> I just play with a card version 1.1 and mcl3 is 0 there.....
The Cardholder certificate DO was added in version 2.0 of the specification, so nothing surprising here.
Cheers,

- Damien

[1] http://scute.org/
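Added example, not part of the original message and not GnuPG code: a pre-flight check that a DER file fits within mcl3 and really is DER before it is handed to writecert. The capability line layout, the sample values and every function name here are assumptions constructed for illustration.

```python
import re

# Constructed samples. Assumption: the card's capability line carries mcl3
# as one of several "key=value" pairs joined by '+' (or spaces).
SAMPLE_EXTCAP_V2 = "S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0+si=5+dec=0+bt=1+kdf=1"
SAMPLE_EXTCAP_V1 = "S EXTCAP gc=1+ki=0+fc=0+pd=0+mcl3=0+aac=0+sm=0+si=0+dec=0+bt=0+kdf=0"

def parse_mcl3(line):
    """Return the mcl3 value from a capability line, or None if absent."""
    m = re.search(r"(?:^|[+\s])mcl3=(\d+)(?=[+\s]|$)", line)
    return int(m.group(1)) if m else None

def der_total_length(data):
    """Return header + content length of a DER SEQUENCE, or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM file passed by mistake?)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_cert_fits(cert, extcap_line):
    """Return (ok, reason) for storing cert in the Cardholder certificate DO."""
    mcl3 = parse_mcl3(extcap_line)
    if not mcl3:
        return False, "mcl3 is absent or 0: no room for a certificate on this card"
    try:
        total = der_total_length(cert)
    except ValueError as exc:
        return False, str(exc)
    if total != len(cert):
        return False, "DER length %d does not match file size %d" % (total, len(cert))
    if len(cert) > mcl3:
        return False, "certificate is %d bytes, card accepts at most %d" % (len(cert), mcl3)
    return True, "certificate fits (%d of %d bytes)" % (len(cert), mcl3)

def fake_der(content_len):
    """Constructed stand-in for cert.der: a SEQUENCE header plus zero padding."""
    return b"\x30\x82" + content_len.to_bytes(2, "big") + bytes(content_len)

if __name__ == "__main__":
    for cert in (fake_der(1200), fake_der(3000), b"-----BEGIN CERTIFICATE-----\n"):
        print(check_cert_fits(cert, SAMPLE_EXTCAP_V2))
    print(check_cert_fits(fake_der(1200), SAMPLE_EXTCAP_V1))
```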