On 05/01/2015 08:36 PM, Daniel Kahn Gillmor wrote:
> On Thu 2015-04-30 17:49:28 -0400, Matthew Monaco wrote:
>> Why isn't gpg smarter about selecting only from the /available/ keys
>> at the time of signing? BTW, I'm using 2.1.3
>
> I think this is the crux of your issue. It sounds like a bug to me.
>
> I've opened a bug report about it:
>
> https://bugs.gnupg.org/gnupg/issue1967
>
> hth,
>
> --dkg
>
Ah, thanks! I ended up moving forward with separate signing keys on each smartcard, filtering gpg.conf from rsync, and adding -u <subkey>!.

Conversely, I am using the same auth key on both smartcards. For me, managing multiple SSH keys is more trouble than it's worth. Most notably, OpenStack will only seed one key to a new instance and I don't want to deal with having to keep track of which smartcard I'm using.

So this would be related, but maybe I'll file a second bug report to request that the shadow copy of a key is automatically updated if it's seen on a new smartcard. This doesn't appear to be the case, however I may have broken it by getting fancy: I moved my .key files to <alg><bits>-CAPS-8charkeyid-comment (e.g. rsa2048-E-DDEC74FE-revoked) and then symlinked <keygrip>.key. This is because sometimes I lose track of fingerprint <-> keygrip. It would be nice if --list-packets <keygrip>.key or some such listed info about the key...
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
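The fingerprint <-> keygrip mapping discussed in the message above can be read from gpg's machine-readable listing. The following is an added example, not part of the original thread, that parses the output of `gpg --list-secret-keys --with-colons --with-keygrip`; the sample listing and the helper names `index_keygrips` and `label` are constructed for illustration.

```python
# Added example: index gpg's colon listing by keygrip.
# Real input: gpg --list-secret-keys --with-colons --with-keygrip
ALGOS = {"1": "rsa", "16": "elg", "17": "dsa", "18": "ecdh", "19": "ecdsa", "22": "eddsa"}

# Constructed sample data: every key ID, fingerprint, keygrip and card serial is made up.
GRIPS = ["A1" * 20, "B2" * 20, "C3" * 20]
SAMPLE = """\
sec:u:2048:1:1111222233334444:1400000000:::u:::scESC:::#:
fpr:::::::::AAAA0000AAAA0000AAAA00001111222233334444:
grp:::::::::{0}:
uid:u::::1400000000::::Example User <user@example.org>:
ssb:u:2048:1:5555666677778888:1400000000::::::s:::D2760001240102000005000000010000:
fpr:::::::::BBBB0000BBBB0000BBBB00005555666677778888:
grp:::::::::{1}:
ssb:u:2048:1:9999AAAABBBBCCCC:1400000000::::::e:::+:
fpr:::::::::CCCC0000CCCC0000CCCC00009999AAAABBBBCCCC:
grp:::::::::{2}:
""".format(*GRIPS)


def index_keygrips(listing):
    """Return {keygrip: info} for each key record in a colon listing."""
    index, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb", "pub", "sub"):
            # Field 15 holds a card serial, '#' (stub) or '+' (secret key available).
            token = f[14] if len(f) > 14 else ""
            current = {
                "algo": ALGOS.get(f[3], "alg" + f[3]) + f[2],
                # Lowercase letters in field 12 are this key's own capabilities.
                "caps": "".join(c for c in f[11] if c.islower()).upper(),
                "keyid": f[4][-8:],
                "card": token if token not in ("", "#", "+") else None,
            }
        elif f[0] == "fpr" and current is not None:
            current["fingerprint"] = f[9]
        elif f[0] == "grp" and current is not None:
            index[f[9]] = current  # the grp record follows its key's fpr record
    return index


def label(info):
    """Build an <alg><bits>-CAPS-8charkeyid name like the scheme in the message."""
    return "{algo}-{caps}-{keyid}".format(**info)


if __name__ == "__main__":
    for grip, info in index_keygrips(SAMPLE).items():
        print(grip, label(info), info["fingerprint"], info["card"] or "-")
```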
