author | Werner Koch <wk@gnupg.org> | 2019-04-02 18:57:09 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-04-02 18:57:09 +0200 |
commit | a480182f9d7ec316648cb64248f7a0cc8f681bc3 (patch) | |
tree | 1203776b7eca97c35be39826e145bfca46741059 /doc/gpg-card.texi | |
parent | common: Extend function pubkey_algo_string. (diff) | |
gpg: Allow direct key generation from card with --full-gen-key.
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--
Note that this new menu 14 is always displayed. The usage flags can
be changed only in --expert mode, though. Creating and using signing
keys works but decryption does not yet work; we will need to tweak a
couple of other places for that. Tested with a Yubikey's PIV app.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc/gpg-card.texi')
-rw-r--r-- | doc/gpg-card.texi | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi index aa49f81e7..92379aa19 100644 --- a/doc/gpg-card.texi +++ b/doc/gpg-card.texi @@ -210,7 +210,7 @@ Key management ...: [none] keyref .....: PIV.9D @end example -Note that the ``Displayed s/sn'' is printed on the token and also +Note that the ``Displayed s/n'' is printed on the token and also shown in Pinentry prompts asking for the PIN. The four standard key slots are always shown, if other key slots are initialized they are shown as well. The @emph{PIV authentication} key (internal reference @@ -231,11 +231,11 @@ which needs to be provided only once so that decryption operations can then be done until the card is reset or removed from the reader or USB port. -We now generate tree of the four keys. Note that GnuPG does currently -not use the the @emph{Card authentication} key but because it is -mandatory by the specs we create it anyway. Key generation requires -that we authenticate to the card. This can be done either on the -command line (which would reveal the key): +We now generate three of the four keys. Note that GnuPG does +currently not use the the @emph{Card authentication} key; however, +that key is mandatory by the PIV standard and thus we create it too. +Key generation requires that we authenticate to the card. This can be +done either on the command line (which would reveal the key): @example gpg/card> auth 010203040506070801020304050607080102030405060708 @@ -360,7 +360,7 @@ gpgsm: total number processed: 1 gpgsm: imported: 1 @end example -Note the last steps which imported the created certificate. If you +Note the last step which imported the created certificate. If you you instead created a certificate signing request (CSR) instead of a self-signed certificate and sent this off to a CA you would do the same import step with the certificate received from the CA. Take note |
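Review bot: In the second hunk (@@ -231,11) the rewritten sentence still carries the doubled article in "not use the the @emph{Card authentication} key". Since the paragraph is being reflowed anyway, drop the extra "the", and consider "does not currently use" for the word order.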
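Review bot: In the third hunk (@@ -360,7) the changed line ends with "If you" and the unchanged line after it begins "you instead created", so the manual still reads "If you you instead created a certificate signing request (CSR) instead of". Extend the hunk by one line to remove the duplicated "you" and one of the two "instead".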