Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Peter Lebbing
On 03/06/13 20:10, Mustrum wrote: > Note that there is NO valid choice. Stick it in signature, that works. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Peter Lebbing
On 03/06/13 14:41, Branko Majic wrote: > Does anyone utilise this kind of schema? I do this as well. The primary key is on a different card than the subkeys. Unlike Pete, I had to resort to some key splitting and recombination tricks to get GnuPG to recognise the situation. Perhaps this has since

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Mustrum
Peter Lebbing a écrit : >On 03/06/13 20:10, Mustrum wrote: >> Note that there is NO valid choice. > >Stick it in signature, that works. > >Peter. -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter Lebbing a écrit : On 03/06/13 20:10, Mustrum wrote: Note that there is NO valid choice. St

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Peter Lebbing
On 05/06/13 12:55, Mustrum wrote: > The keytocard command displays the 3 slots, but none of them are listed as > a valid choice. I've to choose from an empty list. Ah. I hadn't noticed that. I believe the problem is that the "Key attributes" (displayed on --card-edit) force a specific keylength an

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Mustrum
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Le 05/06/2013 14:50, Peter Lebbing a écrit : > On 05/06/13 12:55, Mustrum wrote: >> The keytocard command displays the 3 slots, but none of them are >> listed as a valid choice. I've to choose from an empty list. > > Ah. I hadn't noticed that. I bel

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Peter Lebbing
On 05/06/13 19:37, Mustrum wrote: > I'm quite sur the root cause is the "certification only" capacity of my > key: I'm quite sure I never had data signature capability on my primary key. And I moved it to an OpenPGP v2 card, so it worked for me. I did use a 2048-bit key, but I don't see why that s

Read --status-fd with Expect

2013-06-05 Thread Jack Bates
I am working on non-interactively creating a new subkey, with Expect and --status-fd, but I haven't figured out how to read from --status-fd with Expect: $ expect -c ' spawn gpg --status-fd 3 --edit-key CF11451A9BF0C50DA6B17B5926FB09F7C0D5639E addkey; interact' spawn gpg --status-fd 3 --edit-

Re: Separate OpenPGP cards for master key and sub-keys

2013-06-05 Thread Mustrum
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Le 05/06/2013 20:20, Peter Lebbing a écrit : > On 05/06/13 19:37, Mustrum wrote: >> I'm quite sur the root cause is the "certification only" capacity >> of my key: > > I'm quite sure I never had data signature capability on my primary > key. And I m

Re: Read --status-fd with Expect

2013-06-05 Thread Fraser Tweedale
Hi Jack, The argument to --status-fd must be an open file descriptor. Not sure of a way to open a raw file descriptor in expect, but you could use mkfifo(1) and the --status-file argument instead, I think. Regards, Fraser On Wed, Jun 05, 2013 at 11:14:27AM -0700, Jack Bates wrote: > I am worki