Page MenuHome GnuPG

Card specification enhancement
Open, NormalPublic


There have been some requests to enhance OpenPGP card specifications.
This ticket is to collect all of them.

  • Many keys more than three
  • Data object for User ID of OpenPGP (which includes email address, usually)
  • Data object for self signature packet of OpenPGP
    • with timestamp, User ID and signature, public key of OpenPGP can be constructed on host
  • New way of authentication (not admin and user), for each key, just like gpg-agent
  • Support standard usage of
    • A device for certification (monthly use or yearly use)
    • Another (daily use) device for signing/decryption/authentication
  • DO for user preferences
  • DO to detect new card with factory settings
    • so that we don't need to ask USER PIN and ADMIN PIN showing factory defaults

Event Timeline

gniibe updated the task description. (Show Details)

Item 2 and 3 have already been solved by allowing to store a minimal key.

@wener But it uses undefined data structure of "certificate" DO, IIUC. My point is defining DOs for OpenPGP, so that host side can construct OpenPGP object from those DOs.

Well, it is now defined. We use a CMS object containing an OpenPGP keyblock container. Right, there is no open standard for it but with OIDs you don't really need them. it is a bit of a hack but it works with the majority of deployed cards and the overhead is quite small.

werner triaged this task as Normal priority.Jul 28 2020, 8:54 AM
werner added a project: Feature Request.