
Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID
Closed, Resolved, Public


With the KEYGRIP-centric support in scdaemon, we can move on to the next step.

When using a key on a card, we still have this access pattern: first identify the key on the card, or identify the card by SERIALNO, and then access it by $AUTHKEYID, $ENCRKEYID, or $SIGNKEYID.

It is more natural for scdaemon (and gpg-agent) to expose the AUTH/ENCR/SIGN capability of a key, say, as a flag, when it handles the KEYINFO command.

Then we can remove the access by SERIALNO and change it to access by KEYGRIP.

NOTE: we cannot entirely remove the $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID thing. It is needed for key generation.

Event Timeline

gniibe lowered the priority of this task from Unbreak Now! to Normal. Dec 18 2019, 2:30 AM
gniibe renamed this task from Remove referring by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID to Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID. Dec 18 2019, 2:36 AM

Considering the concrete use case(s), it is more rational to support listing by capability.

NOTE: exposing the capability is an orthogonal issue.

First, I'm adding support for an optional argument to the KEYINFO command of scdaemon to limit the listing by auth/encr/sign.

$AUTHKEYID use cases have been removed.

The $ENCRKEYID use case has been removed.

There are no use cases for $SIGNKEYID.