Welcome to fish, the friendly interactive shell
Type help for instructions on how to use fish
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
Fx6F9zKm65NM/BdDtsg4GQVJ4dTjqeZgneMamU8/efX+/J24UczYME0ZRPPUaOxAJm/lRoaMZ8YnQjX9
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random  0 60 | xxd
00000000: bb72 4003 b73b 98e3 ee74 4454 1a46 9c7e  .r@..;...tDT.F.~
00000010: ae6e eaad e6fa 3110 0cb4 8ad1 9b8c e8c4  .n....1.........
00000020: 6f9d b96d 5815 2004 c648 43b7 efd8 1964  o..mX. ..HC....d
00000030: 2a64 d282 c8e0 0f4f d76c 8960            *d.....O.l.`
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
5P7DEG8rdcyeO1w6MQQGtl1BbrbYSIDWwZZaez1rHhfGmmn8o1j5fAO6xhSJ52oXmk1GI64BThNBDWWv
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
a/rvHTpbxWPNtiGc2bitPsFimslIdJIjJcA8SOWGyDErCGlRKezfk9wfofTA14uElI/gey33gdHeav7c
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
EQLNQeFn0CWxs9pZcFhfVJOgtualTmf1yqdVT5RNjLrKMp5Hf9kWuon7jvQQX5jFN+TgIdGARRoehAL5
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
VddkF6h8RW9m+hL/M2I6S62/+NwGbj0uMuZrd3x2sGcWd41NBC22QUKhPFF0PryGPM680fJI7d6qNOyQ
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
UtN6vjmVCyPLWNVA+W+8jMxyOHRzykU0pT1ASAuVuPNdrOrOnm0G6lYfwhO0lSR1MQRVZOzJckB+BAYu
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
AudP+asPOMzTcRWEyF/hotyRp3ENfVLNsYbHpLFGluqEco27D+vnIzmWN0LfqwEtMrGcBNQfPOp8FOk1
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
fBNi9y7gNhGWoEJIKO1I/DifTxob/iefg1gyPoyRlC78cs87EEDoBAyWQqfsJZT3MCpZEn8YJ0cjSYyk
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
FHpE2xDZ2lTMGUFFIUZzWk27x5HPn6LaZR7F1lg8kg2PbJh34C/F3/bSpbswrOMsiBNZC9uJ8ZTJcA6Y
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --gen-random --armor 0 60
23Q6OMZdwf+v9BqUJDgc+YhdraenHjAsYNCp6IgbrvhDf8CU2aZYkkNXHimgSp4+1PKa8EojSEwSgQoF
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --card-edit

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> factory-reset
gpg: OpenPGP card no. D276000124010304000FD74AECE20000 detected

gpg: Note: This command destroys all keys stored on the card!

Continue? (y/N) y
Really do a factory reset? (enter "yes") yes

gpg/card> kdf-setup
gpg: error for setup KDF: Bad PIN

gpg/card> kdf-setup

gpg/card> list

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> passwd
gpg: OpenPGP card no. D276000124010304000FD74AECE20000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection?

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q

gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
The card will now be re-configured to generate a key of type: ed25519
Note: There is no guarantee that the card supports the requested
      key type or size.  If the key generation does not succeed,
      please check the documentation of your card to see which
      key types and sizes are supported.
Changing card key attribute for: Encryption key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
The card will now be re-configured to generate a key of type: cv25519
Changing card key attribute for: Authentication key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
The card will now be re-configured to generate a key of type: ed25519

gpg/card> forcesig

gpg/card> name
Cardholder's surname: Build System Key 3.
Cardholder's given name: OpenWrt

gpg/card> url
URL to retrieve public key: https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc
;hb=HEAD

gpg/card> passwd
gpg: OpenPGP card no. D276000124010304000FD74AECE20000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
Error changing the PIN: Card error

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q

gpg/card>

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: OpenWrt Build System Key 3.
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc;hb=HEAD
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card>

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: OpenWrt Build System Key 3.
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc;hb=HEAD
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card>
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) [2]$ gpg --generate-key
gpg (GnuPG) 2.4.0; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: remove@test
Email address: remove@test
You selected this USER-ID:
    "remove@test <remove@test>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: directory '/home/sz/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/sz/.gnupg/openpgp-revocs.d/C2B43E52659042528991F4B0E417F69694
429556.rev'
public and secret key created and signed.

pub   ed25519 2023-05-15 [SC] [expires: 2025-05-14]
      C2B43E52659042528991F4B0E417F69694429556
uid                      remove@test <remove@test>
sub   cv25519 2023-05-15 [E] [expires: 2025-05-14]

~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --card-edit

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: OpenWrt Build System Key 3.
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc;hb=HEAD
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> keytocard

Invalid command  (try "help")

gpg/card> admin
Admin commands are allowed

gpg/card> keytocard

Invalid command  (try "help")

gpg/card>
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --edit-key gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2024-01-17
                                                            gpg --edit-key E417F69694429556
gpg (GnuPG) 2.4.0; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/E417F69694429556
     created: 2023-05-15  expires: 2025-05-14  usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/AD15EF090E6F2ABB
     created: 2023-05-15  expires: 2025-05-14  usage: E
[ultimate] (1). remove@test <remove@test>

gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 1

sec  ed25519/E417F69694429556
     created: 2023-05-15  expires: 2025-05-14  usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/AD15EF090E6F2ABB
     created: 2023-05-15  expires: 2025-05-14  usage: E
[ultimate] (1). remove@test <remove@test>

gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 3

sec  ed25519/E417F69694429556
     created: 2023-05-15  expires: 2025-05-14  usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/AD15EF090E6F2ABB
     created: 2023-05-15  expires: 2025-05-14  usage: E
[ultimate] (1). remove@test <remove@test>

gpg>

sec  ed25519/E417F69694429556
     created: 2023-05-15  expires: 2025-05-14  usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/AD15EF090E6F2ABB
     created: 2023-05-15  expires: 2025-05-14  usage: E
[ultimate] (1). remove@test <remove@test>

gpg>
Save changes? (y/N) y
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg --card-edit

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: OpenWrt Build System Key 3.
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc;hb=HEAD
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: C2B4 3E52 6590 4252 8991  F4B0 E417 F696 9442 9556
      created ....: 2023-05-15 14:41:22
Encryption key....: [none]
Authentication key: C2B4 3E52 6590 4252 8991  F4B0 E417 F696 9442 9556
      created ....: 2023-05-15 14:41:22
General key info..:
pub  ed25519/E417F69694429556 2023-05-15 remove@test <remove@test>
sec>  ed25519/E417F69694429556  created: 2023-05-15  expires: 2025-05-14
                                card-no: 000F D74AECE2
ssb   cv25519/AD15EF090E6F2ABB  created: 2023-05-15  expires: 2025-05-14

gpg/card>

Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Application ID ...: D276000124010304000FD74AECE20000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: D74AECE2
Name of cardholder: OpenWrt Build System Key 3.
Language prefs ...: [not set]
Salutation .......:
URL of public key : https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CAE438715492B555.asc;hb=HEAD
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: C2B4 3E52 6590 4252 8991  F4B0 E417 F696 9442 9556
      created ....: 2023-05-15 14:41:22
Encryption key....: [none]
Authentication key: C2B4 3E52 6590 4252 8991  F4B0 E417 F696 9442 9556
      created ....: 2023-05-15 14:41:22
General key info..:
pub  ed25519/E417F69694429556 2023-05-15 remove@test <remove@test>
sec>  ed25519/E417F69694429556  created: 2023-05-15  expires: 2025-05-14
                                card-no: 000F D74AECE2
ssb   cv25519/AD15EF090E6F2ABB  created: 2023-05-15  expires: 2025-05-14

gpg/card>
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ cat
Used 23Q6OMZdwf+v9BqUJDgc+YhdraenHjAsYNCp6IgbrvhDf8CU2aZYkkNXHimgSp4+1PKa8EojSEwSgQoF as Admin PIN here
Used 23Q6OMZdwf+v9BqUJDgc+YhdraenHjAsYNCp6IgbrvhDf8CU2aZYkkNXHimgSp4+1PKa8EojSEwSgQoF as Admin PIN here
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $ gpg2 --version
gpg (GnuPG) 2.4.0
libgcrypt 1.10.2-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/sz/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
~/w/trussed-secrets-app (66-refactor-cmd-credential-2|✚2) $