[PATCH] gpg: enable key-to-card upload for cert-only keys
NIIBE Yutaka
gniibe at fsij.org
Sat Feb 1 15:14:27 CET 2014
Thank you for your report, and for also sending it to me. It required some
time for me to understand the context (I misunderstood it as if it were
bug 1549).
On 2014-01-23 at 11:34 +0100, Dominik Heidler wrote:
> From: Dominik Heidler <dominik at heidler.eu>
>
> * g10/card-util.c (card_store_subkey): allow PUBKEY_USAGE_CERT
>
> GnuPG-bug-id: 1548
> Signed-off-by: Dominik Heidler <dominik at heidler.eu>
Let me rephrase.

I think that you have a primary key with C-flag only and want to
import that key to a smartcard. I guess that you have a subkey for
signing only. Or you are considering such a use case. --- (*)

I could understand this. The life cycle would be different between
the primary key and the signing-only key. I know some Debian developers
who use a signing-only subkey.

Currently, the OpenPGP card specification doesn't fit the use case of (*)
very well, if a person wants to import both the primary key (for
signing only) and the signing-only subkey. It defines only a single key,
which is used for both purposes.

It would be good if the OpenPGP card specification allowed an optional
signing key, so that it could support the use case of (*). Then,
your patch will fully make sense.

Do you claim the use case above? Or, is your patch just
theoretical?

In my opinion, we need to discuss enhancement of the OpenPGP card
specification first, if the use case is really common or its
support is needed.