recommended way to use several smartcards with the same private key


GnuPG - User mailing list
Hi all,

I am using several smartcards with the same private key for redundancy in case I lose one of them. I have been doing so for several years, and occasionally changing which card I use has always been a bit of a hassle (in the lines of for example the discussion here: https://sven-seeberg.de/wp/?p=967 ).

This is not a super big deal, I can fix this easily with a method similar to what is explained on the blog, but still, it is a bit annoying to need to fix things by hand.

My questions are:

- is there a better / simpler way to register several cards that are interchangeable?
- if not, any hope this may be added some day / where could I ask for such a feature / is there some WIP already working on this?

Thanks in advance!

Best,

JRT

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: recommended way to use several smartcards with the same private key

Ingo Klöcker
On Monday, 29 March 2021 15:09:02 CEST J Rt via Gnupg-users wrote:

> Hi all,
>
> I am using several smartcards with the same private key for redundancy in
> case I lose one of them. I have been doing so for several years, and
> occasionally changing which card I use has always been a bit of a hassle
> (in the lines of for example the discussion here:
> https://sven-seeberg.de/wp/?p=967 ).
>
> This is not a super big deal, I can fix this easily with a method similar
> to what is explained on the blog, but still, it is a bit annoying to need
> to fix things by hand.
>
> My questions are:
>
> - is there a better / simpler way to register several cards that are
> interchangeable?
> - if not, any hope this may be added some day / where could I ask for such
> a feature / is there some WIP already working on this?

The upcoming GnuPG 2.3 (which is currently in beta testing) supports using
several smartcards with the same private key. gpg simply checks if any of the
inserted smartcards provide the secret key and then uses this smartcard. If no
inserted smartcard provides the secret key, then gpg will ask for the
smartcard registered in the stub file. But you can insert any card providing
the key. gpg does not insist on using the smartcard listed in the stub file.

This may or may not work with a recent version of gpg 2.2 already because
quite a few things were backported to the 2.2 series.

What gpg 2.3 does not do is register multiple smartcards in the stub files
and, consequently, gpg does not ask for all smartcards that provide the secret
key. It's up to you to keep track of which of your multiple smartcards provide
the needed secret key.

Regards,
Ingo

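Added example, not part of any message in this thread: one way to keep track of which cards the stubs name, using the `S KEYINFO <keygrip> <type> <serialno> <idstr> ...` status lines that `gpg-connect-agent 'keyinfo --list' /bye` prints. The sample output, keygrips, serial numbers, card labels and the inventory list are constructed for illustration; the inventory is a hypothetical personal record of every card that holds the key.

```shell
#!/bin/sh
# Added example: list which card each gpg-agent key stub points to.
# Real input would come from:  gpg-connect-agent 'keyinfo --list' /bye
# Status line layout (gpg-agent KEYINFO):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> ...
# type T = key lives on a token (smartcard), D = key stored on disk.

# Constructed sample output; keygrips and serial numbers are made up.
sample_keyinfo() {
cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 T D2760001240102010006000000010000 OPENPGP.1 - - - - -
S KEYINFO 2222222222222222222222222222222222222222 T D2760001240102010006000000010000 OPENPGP.2 - - - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - P - - -
OK
EOF
}

# Constructed (hypothetical) inventory: serial and label of every card with the key.
inventory() {
cat <<'EOF'
D2760001240102010006000000010000 daily-card
D2760001240102010006000000020000 backup-card
EOF
}

# Print "<keygrip> <idstr> <serialno>" for every stub bound to a card.
stub_cards() {
    awk '$1 == "S" && $2 == "KEYINFO" && $4 == "T" { print $3, $6, $5 }'
}

# Print labels of inventoried cards that no stub currently names.
# gpg will never prompt for these by serial, so they must be remembered.
unregistered_cards() {
    keyinfo=$(cat)
    inventory | while read -r serial label; do
        printf '%s\n' "$keyinfo" | stub_cards | grep -q " $serial\$" || echo "$label"
    done
}

sample_keyinfo | stub_cards
echo "not named in any stub: $(sample_keyinfo | unregistered_cards)"
```
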

Re: recommended way to use several smartcards with the same private key

GnuPG - User mailing list


On Mon, Mar 29, 2021 at 11:08 PM Ingo Klöcker <[hidden email]> wrote:
> On Monday, 29 March 2021 15:09:02 CEST J Rt via Gnupg-users wrote:
> > Hi all,
> >
> > I am using several smartcards with the same private key for redundancy in
> > case I lose one of them. I have been doing so for several years, and
> > occasionally changing which card I use has always been a bit of a hassle
> > (in the lines of for example the discussion here:
> > https://sven-seeberg.de/wp/?p=967 ).
> >
> > This is not a super big deal, I can fix this easily with a method similar
> > to what is explained on the blog, but still, it is a bit annoying to need
> > to fix things by hand.
> >
> > My questions are:
> >
> > - is there a better / simpler way to register several cards that are
> > interchangeable?
> > - if not, any hope this may be added some day / where could I ask for such
> > a feature / is there some WIP already working on this?
>
> The upcoming GnuPG 2.3 (which is currently in beta testing) supports using
> several smartcards with the same private key. gpg simply checks if any of the
> inserted smartcards provide the secret key and then uses this smartcard. If no
> inserted smartcard provides the secret key, then gpg will ask for the
> smartcard registered in the stub file. But you can insert any card providing
> the key. gpg does not insist on using the smartcard listed in the stub file.
>
> This may or may not work with a recent version of gpg 2.2 already because
> quite a few things were backported to the 2.2 series.
>
> What gpg 2.3 does not do is register multiple smartcards in the stub files
> and, consequently, gpg does not ask for all smartcards that provide the secret
> key. It's up to you to keep track of which of your multiple smartcards provide
> the needed secret key.
>
> Regards,
> Ingo

Ok, many thanks for the explanation! Then this means that I should "just" wait for 2.3 :) . Hope this
comes to the next Ubuntu LTS release :) .


Re: recommended way to use several smartcards with the same private key

GnuPG - User mailing list
In reply to this post by Ingo Klöcker
On Mon, 29 Mar 2021 22:52, Ingo Klöcker said:

> This may or may not work with a recent version of gpg 2.2 already because
> quite a few things were backported to the 2.2 series.

No, this has not been backported because it was a larger structural
change.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
