Page MenuHome GnuPG
Create Task
Maniphest T4784

Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID
Closed, ResolvedPublic
Actions

Description

By the KEYGRIP centric support in scdaemon, we can move on to the next step;

Using a key on card, we still have the access pattern: firstly identify the key on card or identify card by SERIALNO and then, access by $AUTHKEYID, $ENCRKEYID, or $SIGNKEYID.

It is more natural for scdaemon (and gpg-agent) to expose a capability of AUTH/ENCR/SIGN of key, say, as a flag, when it handles KEYINFO command.

Then, we can remove the access by SERIALNO to change it access by KEYGRIP.

NOTE: we can not entirely remove $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID thing. It is needed for key generation.

Revisions and Commits

rG GnuPG
rG8edd4b8b8cdc gpg: Use "SCD KEYINFO" to get available card keys.
rGb2a2df174b21 scd: Enhance KEYINFO command to limit listing with capability.

Related Objects
Search...

Event Timeline

gniibe created this task.Dec 18 2019, 2:22 AM
gniibe lowered the priority of this task from Unbreak Now! to Normal.Dec 18 2019, 2:30 AM
gniibe renamed this task from Remove referring by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID to Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID.Dec 18 2019, 2:36 AM
gniibe added a comment.Dec 19 2019, 12:23 AM

Considering the concrete use case(s), it is more rational to support listing by capability.

NOTE: exposing capability is orthogonal issue

Firstly, I'm adding support of an optional argument for KEYINFO command of scdaemon to specify limiting listing by auth/encr/sign.

gniibe added a commit: rGb2a2df174b21: scd: Enhance KEYINFO command to limit listing with capability..Dec 19 2019, 10:07 AM
gniibe added a comment.Jan 13 2020, 8:53 AM

$AUTHKEYID use cases have been removed.

gniibe added a commit: rG8edd4b8b8cdc: gpg: Use "SCD KEYINFO" to get available card keys..Jan 16 2020, 5:10 AM
gniibe added a comment.Jan 16 2020, 5:14 AM

$ENCRKEYID use case have been removed.

gniibe added a comment.Jan 16 2020, 5:16 AM

There is no use cases for $SIGNKEYID.

gniibe closed this task as Resolved.Jan 16 2020, 5:17 AM