Re: Second OpenPGP-card
On Thursday, February 29, 2024 at 01:40:53 +0100, Ingo Klöcker wrote:

> "CCID L5" doesn't strike me as a sufficiently unique identifier for a key. If I
> add a (secondary) user ID "CCID L5" to my key and trick Matthias into
> importing it won't pass start encrypting their passwords for my key?
>
> My ~/.password-store/.gpg-id contains the fingerprint of my password encryption
> key.

Mine too now:

purism@pureos:~$ gpg --list-keys --fingerprint
/home/purism/.gnupg/pubring.kbx
---
pub rsa2048 2021-10-30 [SC]
    336E B968 92FE 9FE7 F6AD 01D6 529B 7423 F360 8141
uid [ultimate] Matthias Apitz (GnuPG CCID L5)
sub rsa2048 2021-10-30 [A]
sub rsa2048 2021-10-30 [E]

purism@pureos:~$ cat .password-store/.gpg-id
336E B968 92FE 9FE7 F6AD 01D6 529B 7423 F360 8141

Thanks for this hint.

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card
On Wednesday, 28 February 2024 17:30:21 CET Werner Koch via Gnupg-users wrote:

> On Wed, 28 Feb 2024 10:55, Matthias Apitz said:
> > purism@pureos:~$ cat .password-store/.gpg-id
> > CCID L5
>
> Which means that it encrypts to "CCID L5". pass parses this using
>
>     while read -r gpg_id; do
>         gpg_id="${gpg_id%%#*}" # strip comment
>         [[ -n $gpg_id ]] || continue
>         GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
>         GPG_RECIPIENTS+=( "$gpg_id" )
>     done
>
> The good thing with pass is that it is easy to read.

"CCID L5" doesn't strike me as a sufficiently unique identifier for a key. If I
add a (secondary) user ID "CCID L5" to my key and trick Matthias into importing
it won't pass start encrypting their passwords for my key?

My ~/.password-store/.gpg-id contains the fingerprint of my password encryption
key.

Regards,
Ingo

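Added example (not part of any message in this thread, and not code from pass): a POSIX shell check that reads `.gpg-id` content the way the quoted pass loop does and flags every recipient that is not a full fingerprint, such as the "CCID L5" user-ID string discussed above. `audit_gpg_id` is a hypothetical helper name, and the short key ID in the sample is constructed.

```sh
#!/bin/sh
# audit_gpg_id: hypothetical helper, not part of pass.
# Reads .gpg-id content on stdin and prints one line per recipient:
#   "ok <entry>"        - a full 40- or 64-hex-digit fingerprint
#   "AMBIGUOUS <entry>" - anything else (user-ID text, e-mail, short/long key ID)
# Returns 1 if at least one recipient is not a full fingerprint.
audit_gpg_id() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        id=${line%%#*}                            # strip comment, as pass does
        norm=$(printf '%s' "$id" | tr -d ' \t\r') # gpg prints fingerprints in spaced groups
        [ -n "$norm" ] || continue                # skip blank and comment-only lines
        norm=${norm#0x}; norm=${norm#0X}          # optional hex prefix
        norm=${norm%!}                            # optional "use exactly this key" suffix
        if printf '%s' "$norm" | grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$'; then
            printf 'ok %s\n' "$id"
        else
            # gpg would resolve this against the whole keyring, so any
            # imported key with a matching user ID becomes a candidate.
            printf 'AMBIGUOUS %s\n' "$id"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the two .gpg-id values shown in the thread plus a
# constructed short key ID.
sample='CCID L5
336E B968 92FE 9FE7 F6AD 01D6 529B 7423 F360 8141  # card key
0xDEADBEEF'
printf '%s\n' "$sample" | audit_gpg_id || echo "non-fingerprint recipients found"
```

To check a real store, feed each file to the function, for example `audit_gpg_id < ~/.password-store/.gpg-id`, including any per-subdirectory `.gpg-id` files.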
Re: Second OpenPGP-card
On Wed, 28 Feb 2024 17:41, Jacob Bachmeyer said:

> As Werner mentioned, you can also have different .gpg-id files for
> different parts of your password store, if you wanted some passwords
> to only be available with certain smartcards.

FWIW: The C3S uses pass for their teams and meik wrote a script to
manage such a password store: https://github.com/C3S/passtore

Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

Re: Second OpenPGP-card
On Wed, 28 Feb 2024 17:40, Jacob Bachmeyer said:

> Or even Windows, which remains disturbingly common in applications
> that probably need far less attack surface, like industrial control
> systems... (Is the stupidity of management a main driver of Shamir's
> law?)

Often true but the real problem is software complexity. Also:
developers are being paid for their work and thus they tend to keep
themselves in business by requiring software changes all the time.

Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein