summaryrefslogtreecommitdiffstats
path: root/doc/gpg-card.texi
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2019-04-02 18:57:09 +0200
committerWerner Koch <wk@gnupg.org>2019-04-02 18:57:09 +0200
commita480182f9d7ec316648cb64248f7a0cc8f681bc3 (patch)
tree1203776b7eca97c35be39826e145bfca46741059 /doc/gpg-card.texi
parentcommon: Extend function pubkey_algo_string. (diff)
downloadgnupg2-a480182f9d7ec316648cb64248f7a0cc8f681bc3.tar.xz
gnupg2-a480182f9d7ec316648cb64248f7a0cc8f681bc3.zip
gpg: Allow direct key generation from card with --full-gen-key.
* g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Creating and using signing keys works but decryption does not yet work; we will need to tweak a couple of other places for that. Tested with a Yubikey's PIV app. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc/gpg-card.texi')
-rw-r--r--doc/gpg-card.texi14
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi
index aa49f81e7..92379aa19 100644
--- a/doc/gpg-card.texi
+++ b/doc/gpg-card.texi
@@ -210,7 +210,7 @@ Key management ...: [none]
keyref .....: PIV.9D
@end example
-Note that the ``Displayed s/sn'' is printed on the token and also
+Note that the ``Displayed s/n'' is printed on the token and also
shown in Pinentry prompts asking for the PIN. The four standard key
slots are always shown, if other key slots are initialized they are
shown as well. The @emph{PIV authentication} key (internal reference
@@ -231,11 +231,11 @@ which needs to be provided only once so that decryption operations can
then be done until the card is reset or removed from the reader or USB
port.
-We now generate tree of the four keys. Note that GnuPG does currently
-not use the the @emph{Card authentication} key but because it is
-mandatory by the specs we create it anyway. Key generation requires
-that we authenticate to the card. This can be done either on the
-command line (which would reveal the key):
+We now generate three of the four keys. Note that GnuPG does
+currently not use the the @emph{Card authentication} key; however,
+that key is mandatory by the PIV standard and thus we create it too.
+Key generation requires that we authenticate to the card. This can be
+done either on the command line (which would reveal the key):
@example
gpg/card> auth 010203040506070801020304050607080102030405060708
@@ -360,7 +360,7 @@ gpgsm: total number processed: 1
gpgsm: imported: 1
@end example
-Note the last steps which imported the created certificate. If you
+Note the last step which imported the created certificate. If you
you instead created a certificate signing request (CSR) instead of a
self-signed certificate and sent this off to a CA you would do the
same import step with the certificate received from the CA. Take note