
Re: [openpgp] [FORGED] RE: Fingerprint schemes versus what to fingerprint

2016-04-11 15:01:04
Derek Atkins <derek(_at_)ihtfp(_dot_)com> writes:
> On Mon, April 11, 2016 3:42 pm, Peter Gutmann wrote:
>> Derek Atkins <derek(_at_)ihtfp(_dot_)com> writes:
>>> More specifically:  when you have your card generate your key material, you
>>> pull off the public key and then generate your public key, compute your
>>> fingerprint data (including OpenPGP metadata), and also create secring data
>>> that contains whatever PKCS#11 reference data you need to re-access that key.
>>> Later when you use that card/key you know how to reference it.
>>
>> Where do you store all this stuff?  PKCS #11 doesn't provide a means of
>> storing it; you can search by something like the public key or
>> issuerAndSerialNumber, but not by hash-of-the-public-key-and-nonce.
>
> Like I said, you put it into your secring.skr file.

But you can't store a secring.skr file on a PKCS #11 device.  Or are you
expecting the user to carry around a smart card and a separate USB key with
all the stuff that can't be stored on the smart card, with an app that knows
how to combine all the bits and pieces together to make use of it?

Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
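An added illustration (not part of the thread) of the point under discussion: an OpenPGP v4 fingerprint hashes the key material together with OpenPGP metadata (packet version, creation time, algorithm), so the same RSA key read back off a token yields a different fingerprint for every creation timestamp, and that is why the fingerprint and the PKCS#11 reference have to be kept somewhere off the card. The modulus, timestamp and CKA_ID value below are constructed placeholders, not a real key.

```python
import hashlib
import struct

# Constructed sample RSA public key, NOT a real key: a fixed 512-bit modulus and
# the usual exponent 65537. Only the OpenPGP encoding of it matters here.
SAMPLE_N = (1 << 511) | int.from_bytes(bytes(range(1, 65)), "big")
SAMPLE_E = 65537
SAMPLE_CREATED = 1460386924  # constructed creation timestamp (April 2016)

def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet big-endian bit count, then the minimal big-endian magnitude."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")

def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """v4 public-key packet body for RSA (algorithm id 1): version, creation time, algo, MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(n: int, e: int, created: int) -> str:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, a two-octet body length, and the body."""
    body = v4_public_key_body(n, e, created)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def secring_record(n: int, e: int, created: int, cka_id: bytes) -> dict:
    """The off-card bookkeeping the thread talks about: the fingerprint, the metadata
    it was computed over, and the PKCS#11 attributes needed to find the key object on
    the token again (searchable by modulus, never by fingerprint). cka_id is a placeholder."""
    fpr = v4_fingerprint(n, e, created)
    return {
        "fingerprint": fpr,
        "key_id": fpr[-16:],  # long key ID is the low 64 bits of the fingerprint
        "created": created,
        "pkcs11": {"CKA_ID": cka_id.hex(),
                   "CKA_MODULUS": n.to_bytes((n.bit_length() + 7) // 8, "big").hex()},
    }

def main():
    a = v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
    b = v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED + 1)
    print("fingerprint, created=T  :", a)
    print("fingerprint, created=T+1:", b)
    print("same key material, different fingerprints:", a != b)
    print(secring_record(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED, b"\x00\x01"))

if __name__ == "__main__":
    main()
```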