[Gnuk-users] factory-reset
NIIBE Yutaka
gniibe at fsij.org
Fri Oct 14 00:46:47 UTC 2016
Hello,
My change to support factory-reset is now in the Gnuk repo. It will
be in Gnuk 1.2.2. If you have time, please test.
On 10/12/2016 04:43 PM, Jan Suhr wrote:
>> Personally, I also have a reason to introduce this compile-time
>> feature: I don't know how we can remove keys from the original OpenPGP
>> card, other than by the factory reset. Factory reset would be a
>> common way of removing keys (if the card/token supports this).
>
> I never understood why it is like this. Why can't Gnuk behave in
> this regard (when deleting keys) as Achim's "original" OpenPGP
> Card?
Because removing keys is not defined in the specification. For me,
removing keys is a mandatory feature, so I added the feature in Gnuk.
Achim's original OpenPGP card implementations have support for changing
the algorithm attribute. As a side effect of changing the algorithm
attribute, the key is removed.
Gnuk 1.0 only supports RSA-2048 and doesn't have support for changing
the algorithm attribute. I still wanted to support key removal.
> GnuPG 2.1 supports factory-reset of Achim's OpenPGP Card. Wouldn't
> you use the same mechanism for Gnuk?
Thanks for your suggestion. Indeed, it is better not to require a
change to GnuPG. Instead, I modified the SELECT FILE behavior of
Gnuk, so that no change is required on the GnuPG side.