I'll ask the quick question first: I purchased an SCM SPR332 card reader, based on the Smartcard Howto's statement (about the SPR532) "The pinpad may be used to securely enter the PIN". I have found that I cannot use the pinpad, at least not with gnupg. Is this due to a misinterpretation of that statement? If so, perhaps changing the howto to indicate that while it may be used to securely enter a pin, Gnupg doesn't support this functionality. Or is it simply that the SPR532 works and the SPR 332 does not? Since the 332 is just a usb-only version of the 532, I'm figuring gnupg doesn't support this feature at all. I'd be happy to help test/debug if anyone's willing to add it.
Secondly, the longer and more involved question: I recently acquired an OpenPGP smart card, and while starting to use it, I noticed some strangeness: First, my current arrangement is as follows: I have a DSA master signing key, an ElGamal encryption subkey, and a DSA signing subkey. To use the smart card, I need to add an RSA signing key, and an RSA encryption key as well. Well, I did so, and this went reasonably smoothly. But, I then tried to make these keys usable on another system. >From what I can google, I should be able to (re)generate the stub keys by using 'gpg --card-status'. But, this seems not to work. If I then copy the pubring.gpg from the first machine and import it on the second, then when I run 'gpg --card-status' it fills in the field "General key info", and then it can apparently generate the stub RSA keys. But the secret parts of the subkeys are not available (indicated with a #, which I'm used to seeing for the master key). So I figure I'll import those secret parts, but it tells me "secret keys unchanged: 1" and nothing changes. So, I delete the secret keyring from the new machine, and import the old subkeys' secret parts first, then the new RSA subkeys' public parts. Now everything seems to work. BUT, when i run gpg --list-secret-keys I get the following output (removing some extra uids): sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) <[EMAIL PROTECTED]> ssb 2048g/9150664F 2004-07-01 ssb 1024D/3F52F59F 2004-12-13 sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) <[EMAIL PROTECTED]> ssb# 2048g/1DA6A1C7 2003-06-27 ssb# 2048g/9150664F 2004-07-01 ssb# 1024D/3F52F59F 2004-12-13 ssb# 2048g/96FAE64B 2002-03-22 ssb# 2048g/0193A5EB 2003-04-15 ssb> 1024R/4A1C1224 2005-06-27 ssb> 1024R/F40CACBA 2005-06-27 Shouldn't gnupg only produce one entry for that, like: sec# 1024D/51192FF2 2002-03-22 uid Alex L. Mauer (Home) <[EMAIL PROTECTED]> ssb# 2048g/1DA6A1C7 2003-06-27 ssb 2048g/9150664F 2004-07-01 ssb 1024D/3F52F59F 2004-12-13 ssb# 2048g/96FAE64B 2002-03-22 ssb# 2048g/0193A5EB 2003-04-15 ssb> 1024R/4A1C1224 2005-06-27 ssb> 1024R/F40CACBA 2005-06-27 Shouldn't I be able to import the secret parts of subkeys 9150664f and 3f52f59f after the stub keys have been created?? Oh, this is with gnupg 1.4.1 and 1.4.2rc2 -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
