[Gnuk-users] factory-reset

NIIBE Yutaka gniibe at fsij.org
Fri Oct 14 00:46:47 UTC 2016


Hello,

My change to support factory-reset is now in the Gnuk repo.  It will
be in Gnuk 1.2.2.  If you have time, please test.

On 10/12/2016 04:43 PM, Jan Suhr wrote:
>> Personally, I also have a reason to introduce this compile-time
>> feature: I don't know how we can remove keys from the original
>> OpenPGP card, other than by the factory reset.  Factory reset would
>> be a common way of removing keys (if the card/token supports this).
> 
> I never understood why it is like this. Why can't Gnuk behave in
> this regard (when deleting keys) as Achim's "original" OpenPGP
> Card?

Because removing keys is not defined in the specification.  For me,
removing keys is a mandatory feature, so I added the feature to Gnuk.

Achim's original OpenPGP card implementations support changing the
algorithm attribute.  As a side effect of changing the algorithm
attribute, the key is removed.

Gnuk 1.0 only supports RSA-2048 and doesn't support changing the
algorithm attribute.  I still wanted to support key removal.

> GnuPG 2.1 supports factory-reset of Achim's OpenPGP Card. Wouldn't
> you use the same mechanism for Gnuk?

Thanks for your suggestion.  Indeed, it is better not to require a
change to GnuPG.  Instead, I modified the SELECT FILE behavior of
Gnuk, so that no change is required on the GnuPG side.