Hi! On Mittwoch, 29. Mai 2024 16:14:52 MESZ Henning Follmann wrote: > Hello I do not know if this is possible or even makes sense.
The following makes totally sense.
I assume you know how to do the steps you describe, if not please ask. I just
add some comments.
> So an initial setup including a smartcard is like this:
>
> - generate key pair
> - add sub keys - encrypt, sign, auth
> - move the private part of sub keys to smartcard
> - publish public key to keyserver
- To make it perfect, put the URL to the key on the card.
In case of WKD you can get the URL using
% gpg-wks-client --print-wkd-url <EMAIL>
(this returns the most complete version, you probably
want to reduce this.)
Adding the URL on the card:
% gpg --card-edit
gpg/card> admin
gpg/card> url
(enter the url)
gpg/card> quit
> - take the master key offline
>
>
> I want to use the smartcard to initialize gpg on a different
> computer:
> - plug in smartcard
> - fetch the public keys from keyserver
% gpg --card-edit
gpg/card> fetch
gpg/card> quit
> - validate the public keys with the keys on smartcard
You see if the card matches the fetched key.
> - add the stubs for the smartcard keys to my keychain
The stub will be automatically generated.
> Is there a tool like this?
To do all of the above automatically? Not that I am aware of.
You might want to write a script. ;)
Alexander
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
