Most efficient way to look whether a secret key is for X.509 or for OpenPGP
Andre Heinecke
aheinecke at gnupg.org
Mon Jan 7 10:57:20 CET 2019
Hi
On Thursday 3 January 2019 02:04:38 CET Rainer Perske wrote:
> I use gpgsm and gpg2 concurrently. I can quickly and easily see whether
> there are private keys in gnupghome/private-keys-v1.d/. But I cannot
> easily see whether these keys belong to X.509 key pairs or to OpenPGP
> key pairs.
>
> For my application, I need to know:
>
> a) What is the fastest way to detect whether I have a private X.509
> key? I need a simple boolean answer: yes or no.
> ....
My idea to make it faster then letting the agent do it is to do a keylisting
with the keygrip:
gpg(sm) --with-colons -k --with-keygrip
(the grp line contains the keygrip)
And then check if the private-keys.v1.d contains such a key file.This would be
quicker of course if you only needed to check for the private key of a specific
pubkey for which you knew the keyrgrip in advance.
You should leave it to the agent though (maybe you could somehow prestart the
agent to make it faster)? So that it is more robust if the key format changes
in the future.
Regards,
Andre
--
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190107/c0510008/attachment-0001.sig>
More information about the Gnupg-devel
mailing list