Remove SERIALNO as an identifier to select keys
Testing, High, Public

Description

In the stub file, we have SERIALNO. That has been so, until today.

This information is not needed any more, except for the interaction with the user asking for insertion of a card. And asking with SERIALNO does not help much.

Showing KEYGRIP when asking would not be better, but it is good to clean up the implementation.

I have a patch now, being attached.

gniibe created this task. Sep 5 2019, 8:04 AM

I did too many things at once.
I'm going to divide it up into pieces.

gniibe added a comment. Sep 6 2019, 1:37 AM

By the change of rG9f39e0167d06: agent: Fix ask_for_card to allow a key on multiple cards., the SERIALNO in the stub is just auxiliary information, not identifying the card. Now, it is the keygrip of the key that is used to identify/select the card.

gniibe lowered the priority of this task from Unbreak Now! to High. Sep 6 2019, 1:37 AM
gniibe added a comment. Sep 6 2019, 1:41 AM

Still there are two places where we use "SCD serialno --demand <SERIALNO>". One is g10/skclist.c where we list available keys, another is the function card_key_available in agent/command-ssh.c.

Those parts could/should be changed by using "SCD KEYINFO --list".

BTW: I have the problem that I want to know the keys of all cards. "getinfo card_list" along with --demand can be used for this. gpg-card works this way. It does not work if I plug in additional cards because card_list shows only the cards for which a SERIALNO command has been used. A new feature to scan the buses for all readers and cards would be quite useful.

Many cards have some printed information and I consider them important to avoid testing one by one all the cards from my pocket.
Thus I am really in favor of being asked to insert the respective card. The new text format private key files make it much easier to maintain this info.

gniibe added a subtask: Restricted Maniphest Task.
werner removed a subtask: Restricted Maniphest Task. Dec 23 2019, 11:02 AM

With the new "KEYINFO" command in scdaemon, a list of card keys can be retrieved by:

$ gpg-connect-agent "SCD SERIALNO" "SCD KEYINFO --list" /bye

Or using the function agent_scd_keyinfo for gpg, which does that.

The first "SCD SERIALNO" command lets scdaemon re-scan smartcards/tokens.
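
An added example, not part of the original comments and not GnuPG code: grouping the output of the command above by keygrip shows why the keygrip, rather than SERIALNO, selects a key when the same key sits on several cards. The function names are hypothetical, the sample output is constructed, and the status-line layout `S KEYINFO <keygrip> T <serialno> <idstr>` is an assumption that the page does not show.

```shell
#!/bin/sh
# Assumed status-line layout (not shown on the page):
#   S KEYINFO <keygrip> T <serialno> <idstr> [<usage>]

# Constructed sample of gpg-connect-agent output: two cards, one key on both.
sample_output() {
  cat <<'EOF'
S SERIALNO D2760001240100000000000000010000
OK
S KEYINFO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA T D2760001240100000000000000010000 OPENPGP.1
S KEYINFO BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB T D2760001240100000000000000010000 OPENPGP.2
S KEYINFO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA T D2760001240100000000000000020000 OPENPGP.1
OK
EOF
}

# Read agent output on stdin; print "<keygrip> <serial>[,<serial>...]" per key,
# in first-seen order. Exits non-zero if the agent reported an ERR line.
keys_by_grip() {
  awk '
    BEGIN { bad = 0 }
    $1 == "S" && $2 == "KEYINFO" && $4 == "T" && NF >= 6 {
      grip = $3; serial = $5
      if (!(grip in cards)) { order[++n] = grip; cards[grip] = serial }
      else if (index("," cards[grip] ",", "," serial ",") == 0)
        cards[grip] = cards[grip] "," serial
    }
    $1 == "ERR" { print "agent error: " $0 > "/dev/stderr"; bad = 1 }
    END {
      for (i = 1; i <= n; i++) print order[i], cards[order[i]]
      exit bad
    }'
}

# Print the serial numbers of every card that holds the given keygrip.
cards_for_grip() {
  keys_by_grip | awk -v g="$1" '$1 == g { print $2 }'
}

# Offline demonstration on the constructed sample. With real cards:
#   gpg-connect-agent "SCD SERIALNO" "SCD KEYINFO --list" /bye | keys_by_grip
sample_output | keys_by_grip
```
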

gniibe changed the task status from Open to Testing. Jan 16 2020, 5:25 AM