
Kleopatra: Card personalization workflow
Open, Wishlist, Public

Description

Currently, initializing a card in VS-NfD mode with backup is pretty complicated:

  1. Generate a soft key
  2. Transfer each subkey to the card
  3. Set Admin PIN
  4. Set User PIN
  5. Set Reset Code
  6. Backup soft key
  7. Delete soft key
  8. Import public key of card
  9. Certify public key and send it to the AD

We should simplify this to a question of "Username, E-Mail, Backup storage folder, Certification key".
As an alternative to the Backup storage folder, we could generate the keys on the card.
The Certification key could be something like: "checkbox certify key <certifying key selection>"

Then we should automatically generate the PINs and set them. As a result dialog, we show the PINs, save the PINs to the Backup storage folder, and offer to "Print user Pins", which would create something like the trusted disk pinbrief, which is just a PDF with the PIN / Reset code.
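
A sketch of the "generate the PINs and save them to the Backup storage folder" step, added here as an illustration and not taken from Kleopatra or this task. The function names, the file name `card-pins.txt` and the PIN lengths are assumptions; the lengths are the OpenPGP card minimums, and a deployment policy may require longer values.

```python
import os
import secrets
import tempfile

# Assumed lengths: OpenPGP card minimums are 6 digits for the User PIN and
# 8 for the Admin PIN and Reset Code. Adjust to the applicable policy.
PIN_LENGTHS = {"User PIN": 6, "Admin PIN": 8, "Reset Code": 8}


def generate_pin(length: int) -> str:
    """Return a numeric PIN drawn uniformly from the OS CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def generate_card_pins(lengths=PIN_LENGTHS) -> dict:
    """Generate one distinct PIN per role."""
    pins = {}
    for name, length in lengths.items():
        pin = generate_pin(length)
        # Re-draw on collision so one disclosed value never unlocks two roles.
        while pin in pins.values():
            pin = generate_pin(length)
        pins[name] = pin
    return pins


def save_pins(pins: dict, backup_dir: str, filename: str = "card-pins.txt") -> str:
    """Write the PINs into backup_dir, owner-only, refusing to overwrite."""
    path = os.path.join(backup_dir, filename)
    # O_EXCL: fail rather than replace an earlier card's PIN sheet.
    # Mode 0o600 is set at creation, so the file is never readable by others.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        for name, pin in pins.items():
            fh.write(f"{name}: {pin}\n")
    return path


if __name__ == "__main__":
    # A temporary directory stands in for the user's backup storage folder.
    with tempfile.TemporaryDirectory() as backup_dir:
        written = save_pins(generate_card_pins(), backup_dir)
        print("PIN sheet written to", written)
```

The PIN sheet ends up next to the key backup, so the backup folder itself should sit on storage that is encrypted or physically controlled.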

Event Timeline

aheinecke triaged this task as Wishlist priority. Aug 1 2022, 2:20 PM
aheinecke created this task.

As part of this, the "Change Reset Code" button should be hidden in the general user interface.