Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO
Open, Normal, Public

Description

For PKCS #15 cards, users are reportedly confused why Pinentry queries for: 160209155B0011311F. What they see in the CardOS viewer and in Kleopatra, and maybe printed on the card, is only the last part of it: 0011311F

As I understand it, the reason for this is that in the shadowed private key the serial number is stored and gpg-agent only knows about that. @werner Can you decide what to do about this? Naively I would just cut off the last 8 characters of the string for this smartcard type. This is something that is important to customers because users notice immediately a long string of numbers.

Event Timeline

aheinecke triaged this task as Normal priority. Aug 12 2022, 1:22 PM
aheinecke created this task.

We have changes for this in master; I need to see whether it is possible to backport them.

I am going to introduce a new DisplaySN: value for 2.2 which might also be useful for master.

In master we already have Token lines which are created but not yet used. I am going to extend this with the display S/N and drop the idea of a separate Display-SN entry.

If the stub has been created or updated we will now ask for the card
with the Display-SN. If in addition a Label has been set to the key,
that label is also shown. Note that the Display-S/N is associated with
a card but the Label is associated with a key. For example, if the
same key has been stored on two cards, the prompt will ask for one of
those cards but shows the same Label. It is sufficient to insert
any of the cards with the key because that is what we actually need.

Here is an example


using this key file:

Label: This is my key label
Key: (shadowed-private-key (ecc (curve brainpoolP512r1)(q  [...]
Token: 1602001BCF0014083E P15.DB92E9A7522152B38AAE4E6249D5DCCAC547C287
  - 0014083E
Token: 1602001BCF0014083F P15.DB92E9A7522152B38AAE4E6249D5DCCAC547C287
  - my+label%2bfoo

Note that the first Token line is used by the prompt.

werner removed a project: Restricted Project. Fri, Sep 2, 3:08 PM
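
The key file from the thread, read the way the comment describes: the first Token line supplies the card identifier shown in the prompt, and the Label is shown alongside it. This is an added example, not GnuPG's code. The field layout (serial number, id string, a field that is `-` in the sample, display S/N), the continuation-line handling, the percent-plus decoding and the fallback to the full serial number are assumptions inferred from the sample, and all function names are hypothetical.

```python
from urllib.parse import unquote_plus

# Key file as shown in the thread; the Key: value is elided there and stays elided.
SAMPLE_KEYFILE = """\
Label: This is my key label
Key: (shadowed-private-key (ecc (curve brainpoolP512r1)(q  [...]
Token: 1602001BCF0014083E P15.DB92E9A7522152B38AAE4E6249D5DCCAC547C287
  - 0014083E
Token: 1602001BCF0014083F P15.DB92E9A7522152B38AAE4E6249D5DCCAC547C287
  - my+label%2bfoo
"""

def parse_items(text):
    """Return (name, value) pairs; an indented line continues the previous value."""
    items = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and items:
            name, value = items[-1]
            items[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            items.append((name.strip(), value.strip()))
    return items

def parse_tokens(items):
    """Split each Token value into fields (assumed layout, see lead-in)."""
    tokens = []
    for name, value in items:
        fields = value.split()
        if name != "Token" or len(fields) < 2:
            continue
        disp = fields[3] if len(fields) > 3 else "-"
        tokens.append({
            "serialno": fields[0],
            "idstr": fields[1],
            # "-" is treated as "no display S/N recorded" (assumption).
            "display_sn": None if disp == "-" else unquote_plus(disp),
        })
    return tokens

def prompt_info(text):
    """Card identifier and key label for the prompt, taken from the first Token line."""
    items = parse_items(text)
    tokens = parse_tokens(items)
    if not tokens:
        return None
    label = next((v for n, v in items if n == "Label"), None)
    first = tokens[0]
    return {"card": first["display_sn"] or first["serialno"], "label": label}
```
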