Re: [openpgp] Fingerprint schemes versus what to fingerprint

"Derek Atkins" <derek@ihtfp.com> Mon, 11 April 2016 19:51 UTC

Message-ID: <001f8b61900c9516081eed6ee177bde7.squirrel@mail2.ihtfp.org>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4C57DFB@uxcn10-5.UoA.auckland.ac.nz>
References: <43986BDA-010F-4DBF-8989-53E71B74E66A@gmail.com> <20151110021943.GH3896@vauxhall.crustytoothpaste.net> <72665D15-F685-41F6-A477-8E65DBBC5A04@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4C42AC4@uxcn10-5.UoA.auckland.ac.nz>, <sjm1t6c40uy.fsf@securerf.ihtfp.org> <9A043F3CF02CD34C8E74AC1594475C73F4C56BF1@uxcn10-5.UoA.auckland.ac.nz>, <9652a57c1e22f4ac3d417aebca44851c.squirrel@mail2.ihtfp.org> <9A043F3CF02CD34C8E74AC1594475C73F4C57DA7@uxcn10-5.UoA.auckland.ac.nz>, <1025d76f337d2f2fe8a11d7626b11158.squirrel@mail2.ihtfp.org> <9A043F3CF02CD34C8E74AC1594475C73F4C57DFB@uxcn10-5.UoA.auckland.ac.nz>
Date: Mon, 11 Apr 2016 15:50:56 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/8ABZxKizVaFe32gVHv8jsJxOd5c>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>, Bryan Ford <brynosaurus@gmail.com>
Subject: Re: [openpgp] Fingerprint schemes versus what to fingerprint
Precedence: list

Hi,

On Mon, April 11, 2016 3:42 pm, Peter Gutmann wrote:
> Derek Atkins <derek@ihtfp.com> writes:
>
>>More specifically:  when you have your card generate your key material,
>> you
>>pull off the public key and then generate your public key, compute your
>>fingerprint data (including OpenPGP metadata), and also create secring
>> data
>>that contains whatever PKCS#11 reference data you need to re-access that
>> key.
>>Later when you use that card/key you know how to reference it.
>
> Where do you store all this stuff?  PKCS #11 doesn't provide a means of
> storing it, you can search by something like the public key or
> issuerAndSerialNumber, but not by hash-of-the-public-key-and-nonce.

Like I said, you put it into your secring.skr file.

> Peter.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

[openpgp] Keyholder-configurable fingerprint sche… Bryan Ford
Re: [openpgp] Keyholder-configurable fingerprint … ianG
Re: [openpgp] Keyholder-configurable fingerprint … ianG
Re: [openpgp] Keyholder-configurable fingerprint … brian m. carlson
[openpgp] Fingerprint schemes versus what to fing… Bryan Ford
Re: [openpgp] Fingerprint schemes versus what to … Werner Koch
Re: [openpgp] Fingerprint schemes versus what to … Peter Gutmann
Re: [openpgp] Fingerprint schemes versus what to … Werner Koch
Re: [openpgp] Fingerprint schemes versus what to … Bryan Ford
Re: [openpgp] Fingerprint schemes versus what to … Werner Koch
Re: [openpgp] Fingerprint schemes versus what to … Bryan Ford
Re: [openpgp] Fingerprint schemes versus what to … Bill Frantz
Re: [openpgp] Fingerprint schemes versus what to … Derek Atkins
Re: [openpgp] Fingerprint schemes versus what to … Peter Gutmann
Re: [openpgp] Fingerprint schemes versus what to … Derek Atkins
Re: [openpgp] [FORGED] RE: Fingerprint schemes ve… Peter Gutmann
Re: [openpgp] [FORGED] RE: Fingerprint schemes ve… Derek Atkins
Re: [openpgp] [FORGED] RE: [FORGED] RE: Fingerpri… Peter Gutmann
Re: [openpgp] Fingerprint schemes versus what to … Derek Atkins
Re: [openpgp] [FORGED] RE: Fingerprint schemes ve… Peter Gutmann
Re: [openpgp] Fingerprint schemes versus what to … Derek Atkins
Re: [openpgp] [FORGED] RE: Fingerprint schemes ve… Mark D. Baushke
Re: [openpgp] Fingerprint schemes versus what to … Werner Koch
Re: [openpgp] [FORGED] RE: Fingerprint schemes ve… Werner Koch