turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

opgpcard: Document optionally binding User IDs to certificates in 'admin generate' and 'pubkey'.

Browse source
This commit is contained in:
Heiko Schaefer 2022-09-04 20:45:04 +02:00
parent 9aff50d2d3
commit 69ea7c453b
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
tools/README.md
View file

@ -181,6 +181,14 @@ And/or pass the User PIN as a file, for non-interactive use:
$ opgpcard pubkey -p <user-pin-file>
```
In the process of exporting the key material on a card as a certificate (public key), one or more User IDs can be
bound to the certificate:
```
$ opgpcard pubkey -p <user-pin-file> --user-id "Alice Adams <alice@example.org>"
```
#### Caution: the exported public key material isn't always what you want
The result of exporting public key material from a card is only an approximation of the original public key, since
@ -455,6 +463,13 @@ x3z8hDoRKAU=
-----END PGP PUBLIC KEY BLOCK-----
```
In the context of generating key material, one or more User IDs can be bound to the exported certificate:
```
$ opgpcard admin --card ABCD:01234567 generate --user-id "Alice Adams <alice@example.org>" --output <output-cert-file> 25519
```
### Signing
For now, this tool only supports creating detached signatures, like this