Hi, I'm using an nCipher HSM as my pkcs11 device. I have my key available and can do normal pkcs11 signing with it, but this key isn't appearing during the LEARN command.
When I originally got the key into gpg on another system the application ID value (and card serial) shown by doing "gpg --card-status" showed different values.
Application ID ...: D27600012401115031312CF4EEE61111
Application type .: OpenPGP
Version ..........: 11.50
Manufacturer .....: unknown
Serial number ....: 2CF4EEE6
Now, with a different computer, the same command reports:
Application ID ...: D2760001240111503131476E4A811111
Application type .: OpenPGP
Version ..........: 11.50
Manufacturer .....: unknown
Serial number ....: 476E4A81
This now means that the agent prompts me to insert a card with the "2CF4EEE6" serial.
If however I hex edit the gpg shadow file to set the new value, my token is loaded and signs correctly.
Where are we getting this application ID string from? Is it possible to override it? Or generate it in a way that is consistent with only data on a token?
inorton-entrust changed the title from "keys without certificates are not shown during learn?" to "card serials change and keys without certificates are not shown during learn?" on Nov 16, 2024
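The two application IDs reported above can be split into their fields to see exactly what changed between the machines. This is an added example, not code from the issue or from the project; it assumes the standard 16-byte OpenPGP card AID layout (RID, application, version, manufacturer, serial, reserved), and the names `parse_aid` and `differing_fields` are hypothetical.

```python
from dataclasses import asdict, dataclass

# Registered application provider ID that prefixes every OpenPGP card AID.
OPENPGP_RID = bytes.fromhex("D276000124")


@dataclass(frozen=True)
class OpenPGPAid:
    application: int   # 0x01 = OpenPGP application
    version: str       # two bytes, shown as "major.minor" in hex digits
    manufacturer: str  # two-byte manufacturer ID
    serial: str        # four-byte serial, the value the agent asks for
    reserved: str      # last two bytes of the AID


def parse_aid(hex_aid: str) -> OpenPGPAid:
    """Split a 32-hex-digit application ID into its fields."""
    raw = bytes.fromhex(hex_aid)
    if len(raw) != 16:
        raise ValueError(f"AID must be 16 bytes, got {len(raw)}")
    if raw[:5] != OPENPGP_RID:
        raise ValueError("RID mismatch: not an OpenPGP card AID")
    return OpenPGPAid(
        application=raw[5],
        version=f"{raw[6]:X}.{raw[7]:X}",
        manufacturer=raw[8:10].hex().upper(),
        serial=raw[10:14].hex().upper(),
        reserved=raw[14:16].hex().upper(),
    )


def differing_fields(aid_a: str, aid_b: str) -> dict:
    """Return {field: (value_a, value_b)} for every field that differs."""
    a, b = asdict(parse_aid(aid_a)), asdict(parse_aid(aid_b))
    return {name: (a[name], b[name]) for name in a if a[name] != b[name]}


# The two application IDs quoted in the issue.
FIRST_HOST = "D27600012401115031312CF4EEE61111"
SECOND_HOST = "D2760001240111503131476E4A811111"

if __name__ == "__main__":
    print(parse_aid(FIRST_HOST))
    print(differing_fields(FIRST_HOST, SECOND_HOST))
```

Only the four serial bytes differ between the two hosts, which is the value recorded in the shadowed key file and the one the agent prompts for.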