Heiko<p>New blog article: "Using a second <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> card for my primary key"</p><p><a href="https://openpgp.foo/posts/2025-07-a-second-card/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">openpgp.foo/posts/2025-07-a-se</span><span class="invisible">cond-card/</span></a></p><p>This is a rather niche article, but I hope it will still contain some bits of interest, for at least some readers 🤓.</p><p>In it, I import my primary OpenPGP key onto a second OpenPGP card hardware device, and use the device to issue a third-party certification with rsop-oct.</p><p>I also outline some background and tradeoffs around different OpenPGP card setup.</p><p><a href="https://floss.social/tags/HSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HSM</span></a> <a href="https://floss.social/tags/OpenPGPcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGPcard</span></a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a></p>
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
8.6Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#openpgpcard
0 posts · 0 participants · 0 posts today
Chris Vogel<p>gpg monday</p><p><a href="https://chrichri.ween.de/articles/269e88f/gpg-monday" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chrichri.ween.de/articles/269e</span><span class="invisible">88f/gpg-monday</span></a></p>
Heiko<p>I just released version 0.1.6 of the simple experimental standalone SSH agent for <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="tag">#<span>OpenPGP</span></a> cards (<a href="https://crates.io/crates/openpgp-card-ssh-agent/" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">crates.io/crates/openpgp-card-</span><span class="invisible">ssh-agent/</span></a>).</p><p>This release adds support for NIST keys, while relying on fewer dependencies.</p><p><a href="https://fosstodon.org/tags/OpenSSH" class="mention hashtag" rel="tag">#<span>OpenSSH</span></a> <a href="https://fosstodon.org/tags/OpenPGPCard" class="mention hashtag" rel="tag">#<span>OpenPGPCard</span></a></p>
Heiko<p>I just released version 0.1.5 of the simple experimental standalone SSH agent for <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="tag">#<span>OpenPGP</span></a> cards (<a href="https://crates.io/crates/openpgp-card-ssh-agent/" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">crates.io/crates/openpgp-card-</span><span class="invisible">ssh-agent/</span></a>).</p><p>This is a minor update in terms of functionality.</p><p>However, it marks a move of the crate to the <span class="h-card" translate="no"><a href="https://social.anoxinon.de/@Codeberg" class="u-url mention">@<span>Codeberg</span></a></span> platform (including an integration test in Codeberg's Woodpecker CI, testing the agent against a virtual OpenPGP card: <a href="https://ci.codeberg.org/openpgp-card/ssh-agent/pipeline/31" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">ci.codeberg.org/openpgp-card/s</span><span class="invisible">sh-agent/pipeline/31</span></a>)</p><p><a href="https://fosstodon.org/tags/OpenSSH" class="mention hashtag" rel="tag">#<span>OpenSSH</span></a> <a href="https://fosstodon.org/tags/OpenPGPCard" class="mention hashtag" rel="tag">#<span>OpenPGPCard</span></a> <a href="https://fosstodon.org/tags/SequoiaPGP" class="mention hashtag" rel="tag">#<span>SequoiaPGP</span></a></p>
Chris Vogel<p>For the moment being I decided to disable the use of the <a href="https://chrichri.ween.de/t/openpgpcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGPcard</span></a> inside my <a href="https://chrichri.ween.de/t/librem5" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Librem5</span></a> to force the use of my <a href="https://chrichri.ween.de/t/libremkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibremKey</span></a> when gpg is needed on the phone.</p>
<p>Support for multiple smartcards is <a href="https://marc.info/?l=gnupg-users&m=162634498923286&w=2" rel="nofollow noopener" target="_blank">improved in gpg 2.3.x</a> I read which is not available for my distribution, yet.</p>
<p>This way pass works with the externally connected LibremKey/<a href="https://chrichri.ween.de/t/nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nitrokey</span></a> as expected.</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload