
List:       gnupg-users
Subject:    Re: gpg --card-status
From:       "Felix E. Klee" <felix.klee () inka ! de>
Date:       2024-01-02 22:06:59
Message-ID: CA+m_8J3QdOhMvAgVRiOt_A+VL4Y1FxTSrwE09m-0MJ5oqwY7cQ () mail ! gmail ! com

On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee <felix.klee@inka.de> wrote:
> Example output with line numbers:
> 
> 01 Reader ...........: Yubico YubiKey CCID 00 00
> 02 Application ID ...: D2760001240103040006186980150000
> 03 Application type .: OpenPGP
> 04 Version ..........: 3.4
> 05 Manufacturer .....: Yubico
> 06 Serial number ....: 18698015
> 07 Name of cardholder: [not set]
> 08 Language prefs ...: [not set]
> 09 Salutation .......:
> 10 URL of public key : [not set]
> 11 Login data .......: [not set]
> 12 Signature PIN ....: not forced
> 13 Key attributes ...: rsa4096 rsa4096 rsa4096
> 14 Max. PIN lengths .: 127 127 127
> 15 PIN retry counter : 3 0 3
> 16 Signature counter : 0
> 17 KDF setting ......: off
> 18 Signature key ....: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
> 19       created ....: 2023-06-29 03:50:43
> 20 Encryption key....: DBBD 3239 D0F1 4326 808D  FC8F 7CC0 2D68 D2E3 1736
> 21       created ....: 2023-06-29 03:50:43
> 22 Authentication key: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
> 23       created ....: 2023-06-29 03:50:43
> 24 General key info..: pub  rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) <yubikey@f76.eu>
> 25 sec>  rsa4096/1BE349D11B6ED589  created: 2023-06-29  expires: never
> 26                                 card-no: 0006 18698015
> 27 ssb>  rsa4096/7CC02D68D2E31736  created: 2023-06-29  expires: never
> 28                                 card-no: 0006 18698015
> 29 ssb#  rsa4096/32B106F6877CC64B  created: 2023-11-22  expires: never

Thanks for all the input! My current state of knowledge is:

  * Lines 18, 20, 22: Fingerprints identifying the secret keys stored on
    the card.

    A fingerprint is an SHA-1 hash of: corresponding public key + some
    metadata.

    The fingerprints displayed on these lines are stored on the card.

  * Lines 25, 27, 29: Information about availability of secret keys on
    the card.

    The numbers are long key IDs. A long key ID is the last 16
    characters of a fingerprint.

    The fingerprints displayed on these lines are generated from the
    public keys stored on disk.

    Here:

      - sec: Secret primary key

      - ssb: Secret subkey

      - >: Secret key is available on the card

      - #: Secret key is missing from the card

For a summary concerning how the fingerprints are calculated, I found:

https://blog.djoproject.net/2020/05/03/main-differences-between-a-gnupg-fingerprint-a-ssh-fingerprint-and-a-keygrip/


Please correct me where I'm wrong!
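
The fingerprint and long key ID relationship summarized above, as an added example that is not part of the original message: it computes a version 4 OpenPGP fingerprint as defined in RFC 4880 (SHA-1 over 0x99, a 2-byte length, and the public-key packet body, which includes the creation time) and derives the long key ID from it. The modulus, timestamps and function names are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

RSA = 1  # OpenPGP public-key algorithm ID for RSA (RFC 4880, section 9.1)

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then the magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_packet_body(created: datetime, n: int, e: int) -> bytes:
    """Version octet, creation time, algorithm ID, then the RSA MPIs n and e."""
    return struct.pack(">BIB", 4, int(created.timestamp()), RSA) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the public-key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def long_key_id(fingerprint: str) -> str:
    """Last 16 hex characters of a fingerprint, spaces ignored."""
    return "".join(fingerprint.split())[-16:]

# Constructed sample key material (toy modulus, not a usable key).
SAMPLE_N = 0xC0FFEE1234567890ABCDEF0123456789
SAMPLE_E = 65537
T0 = datetime(2024, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
T1 = datetime(2024, 1, 1, 0, 0, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    fp0 = v4_fingerprint(v4_rsa_packet_body(T0, SAMPLE_N, SAMPLE_E))
    fp1 = v4_fingerprint(v4_rsa_packet_body(T1, SAMPLE_N, SAMPLE_E))
    print(fp0, long_key_id(fp0))
    print(fp1, long_key_id(fp1))  # same key material, different creation time
    # Fingerprint from line 18 of the quoted output -> key ID on line 25.
    print(long_key_id("7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589"))
```

Because the creation time is hashed along with the key material, re-importing the same RSA key with a different timestamp yields a different fingerprint and key ID.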
