
Aug 23 2019

vsrinu26f added a comment to T2893: gnupg should used ccid card key material fingerprints and not serial number.

And also this is an excellent point.

Aug 23 2019, 8:57 PM · yubikey, Feature Request, gnupg

May 20 2019

vsrinu26f added a comment to T4301: Handling multiple subkeys on two SmartCards.

Thanks Gniibe San for the explanation.

May 20 2019, 12:55 AM · Restricted Project, gnupg, scd, Bug Report

Mar 30 2019

vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry, I think I blabbered without understanding the context.

Mar 30 2019, 10:00 AM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I wish gnupg natively supported creating backup cards. To be able to import
private key material to do another keytocard. And every time it moves that
to card and removes from gnupg.

Mar 30 2019, 9:46 AM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

For exactly same key material on tokens. Just before writing first token
backup .gnupg folder or export all key info. Do key to card. Delete .gnupg
folder and restore from backup and keytocard second token.

Mar 30 2019, 9:39 AM · Restricted Project, Feature Request, gnupg

Mar 29 2019

vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

On the other hand if we want to track which token is used by having multiple unexpired signing subkeys and each token have its own subkey is a possible usecase where multiple admins have the tokens.

Mar 29 2019, 1:28 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I think if we have to update one token then we have to update backup token as well if moved to new subkey.

Mar 29 2019, 1:21 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry, ignore my comment if there is something with subkeys and you are
already using latest gnupg.

Mar 29 2019, 1:11 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

This is already implemented by yutaka.

Mar 29 2019, 1:05 PM · Restricted Project, Feature Request, gnupg

Sep 25 2017

vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

What is the benefit of two subkeys?

Sep 25 2017, 10:51 PM · Restricted Project, Feature Request, gnupg

Sep 21 2017

vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry, previously I asked for more slots for keys on token. But it's not
needed one. I don't even know it is a valid request but

Sep 21 2017, 1:55 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

GnuPG by design uses latest sub keys so in your setup office and home one
of them is latest.

Sep 21 2017, 1:50 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

After reading PIV and using PIV token I understood how much simple and easy
GnuPG is by design. You guys rock.

Sep 21 2017, 1:43 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Is it that you are moving to new sub keys? If yes, do we still need outdated old
subkeys? Is it safe to clean up old subkeys?

Sep 21 2017, 1:30 PM · Restricted Project, Feature Request, gnupg

Apr 22 2017

vsrinu26f added a comment to T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)).

litmus test will be :

Apr 22 2017, 3:15 PM · Restricted Project, gnupg, Feature Request

Jan 1 2017

vsrinu26f added a comment to T2893: gnupg should used ccid card key material fingerprints and not serial number.

Steps to reproduce:

  1. raspberry pi: create one master keypair (Certify) and three subkeys (Sign, Encrypt, Authenticate). (I will still refer to these three subkeys as just subkeys)
  2. raspberry pi: backup ~/.gnupg
  3. insert hardware token yubikey1 and keytocard subkeys and eject the yubikey1
  4. raspberry pi: delete ~/.gnupg and restore ~/.gnupg from backup
  5. insert hardware token yubikey2 and keytocard subkeys and eject the yubikey2
  6. repeat steps 4, 5 for remaining gnuk, nitrokey or yubikeys.
  7. Now keep yubikey1 with you, give yubikey2 to your spouse, yubikey3 to your child.
  8. encrypt backup with gnupg using symmetric cipher.
  9. export public key.
  10. wipe ~/.gnupg
  11. Insert new formatted usb drive and copy public key.
  12. shared family laptop: import the public key from usb. insert yubikey1 and fetch the subkeys to let gnupg know that the private keys are on hardware token.
  13. shared family laptop: encrypt and decrypt a file successfully with yubikey1.
  14. shared family laptop: insert spouse's yubikey2 and try to decrypt the file encrypted before. gnupg will not just ask but insist to insert card with a yubikey1 serial number while you have yubikey2, which in this case also has the same subkeys that can be used to decrypt the file.

Bug: gnupg does not let shared key usage while using hardware tokens on a shared
laptop.

expected: gnupg should be able to decrypt using any of the yubikeys having
required subkeys.

Jan 1 2017, 8:12 PM · yubikey, Feature Request, gnupg
vsrinu26f added a comment to T2893: gnupg should used ccid card key material fingerprints and not serial number.

Please consider: not all hardware tokens have serial numbers printed on them,
consider gnuk or nitro key. It is smart to put a sticker or use permanent marker
to mark keyid on the token in case of having multiple tokens. Another plus about
gnuk is that I can choose/change my serial number at will.

So, please ask for a card with a keyid rather than serial number.

Jan 1 2017, 7:22 PM · yubikey, Feature Request, gnupg
vsrinu26f added a comment to T2893: gnupg should used ccid card key material fingerprints and not serial number.

Thank you for thinking on this.

Can user be asked "Please insert hardware token containing 0xXXXXXXXX key". I
guess users are smart enough (considering they are using gnupg) and would write
the keyid on their tokens if needed. If they only own one token which is most of
the time they just insert that. If they own multiple they will recognize by
color or a personalized sticker on the key or a permanent marker markings on
their card.

Sorry, I used the word ccid just to mean a hardware token.

I believe many want to have backup hardware tokens. Again this allows a family
share a laptop and still own the shared key in their own hardware tokens.

Here is the version information:
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Jan 1 2017, 7:15 PM · yubikey, Feature Request, gnupg
vsrinu26f added a project to T2898: Option to ignore card serial number (to be able to use backup tokens containing same subkeys): Bug Report.
Jan 1 2017, 6:55 PM · gnupg, Feature Request

Dec 23 2016

vsrinu26f added a project to T2893: gnupg should used ccid card key material fingerprints and not serial number: Bug Report.
Dec 23 2016, 3:11 AM · yubikey, Feature Request, gnupg

Dec 22 2016

vsrinu26f added projects to T2891: gpg --card-status works while gpg2 --card-status does not work: gnupg, Bug Report.
Dec 22 2016, 6:53 PM · Not A Bug, Bug Report, gnupg
vsrinu26f added projects to T2890: gpg multiple tokens with same subkeys and: gnupg, Bug Report.
Dec 22 2016, 6:39 PM · Mistaken, Trash