@ganyo 副鍵を移し忘れてたりするのかもです
gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 1
@zundan PCで見た時は大丈夫だったと思うのですが
帰ったら確認してみます
@zundan うーん
Cert鍵とSign鍵が別だとうまくいかないんですかねぇ...
@ganyo むーん…。gpg> keytocardでYubiKey側に副鍵のスロットが2つしかないとかでしょうか…
gpg> keytocard
Please select where to store the key:
(2) Encryption key
Your selection? 2
や、3つ副鍵があると3スロット目も見えそうですね…
> When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey.
https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
@zundan で、4つは無いのでCERT鍵をkeytocardしようとするとsignの所へ誘導するんですね...
gpg> keytocard
この主鍵を本当に移動しますか? (y/N) y
鍵を保管する場所を選択してください:
(1) 署名鍵
あなたの選択は?
@ganyo https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements_to_OpenPGP_3.4.html あたりを理解すると何かわかるのかも…
> Attestation is supported for all combinations of attestation key and attested key, except the attestation key cannot be from the curve25519 family. A fourth key slot is reserved for an attestation key. If specifying it by ID, it is Key ID 0x81. The Attestation template certificate is stored on a fourth user certificate slot reserved for it. It is selected directly with SELECT_DATA index 4. It can also be retrieved by calling GET_NEXT_DATA three times after SELECT_DATA on index 1