Due to the on-disk generation of encryption keys with a followup transfer to a smartcard, it may happen that a copy of the key still exists in gpg-agent's key store. We need a new command to gpg-card which checks the keys of inserted smartcards, prints information and allows deleting unwanted key copies.
Description
Revisions and Commits
rG GnuPG
rGadeb17e37588 card: New subcommand "checkkeys".
Status | Assigned | Task
---|---|---
Resolved | werner | T6943 Add tool to detect and clean unsolicited copies of smartcard keys
Resolved | werner | T6944 The default card key generation keeps an unprotected backup of the encryption key on disk
Event Timeline
Example output:

```
gpg/card> checkkeys
D276000124010304000500009D8A0000 OpenPGP A1E8C48004B6F000B0D0872C35798C94D7F669B5 OPENPGP.1 shadowed
D276000124010304000500009D8A0000 OpenPGP 4EA2A5AF4E19A121FCCCF2BF8FA78141653EBEEE OPENPGP.2 clear
D276000124010304000500009D8A0000 OpenPGP 0CC9BECA94342A8A381ED9BC3BFF3AE110D2BCD3 OPENPGP.3 shadowed
gpg/card> checkkeys --delete-clear-copy
D276000124010304000500009D8A0000 OpenPGP A1E8C48004B6F000B0D0872C35798C94D7F669B5 OPENPGP.1 shadowed
D276000124010304000500009D8A0000 OpenPGP 4EA2A5AF4E19A121FCCCF2BF8FA78141653EBEEE OPENPGP.2 clear
D276000124010304000500009D8A0000 OpenPGP 0CC9BECA94342A8A381ED9BC3BFF3AE110D2BCD3 OPENPGP.3 shadowed
Number of deleted key copies: 1
gpg/card> checkkeys
D276000124010304000500009D8A0000 OpenPGP A1E8C48004B6F000B0D0872C35798C94D7F669B5 OPENPGP.1 shadowed
D276000124010304000500009D8A0000 OpenPGP 4EA2A5AF4E19A121FCCCF2BF8FA78141653EBEEE OPENPGP.2 shadowed
D276000124010304000500009D8A0000 OpenPGP 0CC9BECA94342A8A381ED9BC3BFF3AE110D2BCD3 OPENPGP.3 shadowed
```
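An added example, not part of this task or of GnuPG: a script that parses captured `checkkeys` output in the format shown above and flags every card key that still has a `clear` copy in gpg-agent's key store. The function names are hypothetical, and treating any status other than `shadowed` and `clear` as unrecognised is an assumption of this example.

```python
import re
from collections import defaultdict

# Output of the first "checkkeys" run, copied from the comment above.
SAMPLE = """\
gpg/card> checkkeys
D276000124010304000500009D8A0000 OpenPGP A1E8C48004B6F000B0D0872C35798C94D7F669B5 OPENPGP.1 shadowed
D276000124010304000500009D8A0000 OpenPGP 4EA2A5AF4E19A121FCCCF2BF8FA78141653EBEEE OPENPGP.2 clear
D276000124010304000500009D8A0000 OpenPGP 0CC9BECA94342A8A381ED9BC3BFF3AE110D2BCD3 OPENPGP.3 shadowed
"""

# Columns: card serial, application, keygrip (40 hex digits), key reference, status.
ROW = re.compile(r"^([0-9A-F]+)\s+(\S+)\s+([0-9A-F]{40})\s+(\S+)\s+(\S+)$")
FIELDS = ("serial", "app", "keygrip", "keyref", "status")


def parse_checkkeys(text):
    """Return one dict per key row; prompts and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(dict(zip(FIELDS, m.groups())))
    return rows


def audit(text):
    """Group (keyref, keygrip) pairs per card serial into ok/clear/other."""
    report = defaultdict(lambda: {"ok": [], "clear": [], "other": []})
    for r in parse_checkkeys(text):
        # Assumption: only the two statuses shown on this page are known.
        bucket = {"shadowed": "ok", "clear": "clear"}.get(r["status"], "other")
        report[r["serial"]][bucket].append((r["keyref"], r["keygrip"]))
    return dict(report)


def has_clear_copies(text):
    """True if any card key still has a clear copy in the key store."""
    return any(card["clear"] for card in audit(text).values())


if __name__ == "__main__":
    for serial, card in audit(SAMPLE).items():
        for keyref, grip in card["clear"]:
            print(f"{serial} {keyref}: clear copy on disk, keygrip {grip}")
        for keyref, grip in card["other"]:
            print(f"{serial} {keyref}: unrecognised status, check manually")
    # A non-zero exit lets a provisioning or audit job fail on leftover copies.
    raise SystemExit(1 if has_clear_copies(SAMPLE) else 0)
```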