Is this a bug? Primary certification-only key will not "keytocard"
Peter Lebbing
peter at digitalbrains.com
Sat Jun 8 13:01:29 CEST 2013
Hello Werner and list,
I could reproduce the problem the user "Mustrum" had with moving his
certification-only primary key to a smartcard. If you have a primary key with
sign and certify abilities, you can "keytocard" it to the Signature slot of an
OpenPGP card, and it will issue certifications just fine. But you can't move a
certification-only primary key to the Signature slot.
I think I did exactly this with my own key in 2009, and it worked fine.
Also, if you trick GnuPG into moving the primary key to a smartcard, it will
issue certifications perfectly fine as well.
This message is a reply to a message where I explain how I tricked GnuPG, in the
thread "Separate OpenPGP cards for master key and sub-keys".
Is it deliberate behaviour to deny the operation? And if so, I'm very interested
to know why.
By the way, back in 2009 I used a 2048-bit key, and Mustrum ran into the problem
with a 4096-bit key. I just tried, but it won't work for a 2048-bit key either.
Obviously, the chances that it was related to keysize were already slim, but I
checked anyway.
Greets,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list