OpenPGP card issues

Werner Koch wk at gnupg.org
Mon Jan 24 10:49:10 CET 2005


On Sat, 22 Jan 2005 16:57:37 +0100, David Lorch said:

> 1) During key generation, gpg says "signing failed: wrong secret key
> used" -- this results in a non-self-signed user id in the new key.
> (See full gpg output at the end of this email).

We have a solution for this but it's not yet in the CVS.  The scary
thing is that it never happened to me.

> 2) Apart from the card's PIN, the program also asks for a passphrase for
> the new key. What use is this with a card key? I afterwards tried
> signing a file with the card and was only asked for the card's PIN, not
> for this passphrase?

The default is to create a backup key; you might have seen the
prompt.  That backup key is stored encrypted on disk; it should be
moved to another medium of course.

> 3) During key generation, gpg asked whether to make an off-card backup
> of the encryption key, which I told it to do.

> Now I've got a file called "sk_[something].gpg" that contains the secret
> encryption key in case I ever lose the card.

I should read the entire mail first ;-)

> I cannot get gpg to import the backup of my secret encryption subkey.
> This especially worries me because I really want a working backup of the
> encryption key.

Well, there is no real support for it yet.  The workaround is
complicated but it should do it:

 1. Create a dummy user ID using gpgsplit or use the attached one.
 2. mkdir dummy1
 3. cd dummy1
 4. cat somewhere/sk_1234567890bcdef.key dummy.user_id >x.key
    (For Windows you need to use: 
      copy /b  somewhere\sk_1234567890bcdef.key+dummy.user_id x.key)
 5. gpg --homedir . -v --import --allow-non-selfsigned-uid  x.key
 6. gpg --edit-key 1234567890bcdef
 7. On the edit command prompt do:
    toggle
    keytocard
    y
    2
 8. Follow the prompts. The key will be transferred to the card.
 9. Delete the temporary cruft (i.e. the entire dummy1 directory)
10. Ready.


Agreed, that's not easy - I will add an appropriate command ASAP.



Shalom-Salam,

   Werner


-------------- next part --------------
A non-text attachment was scrubbed...
Name: dummy.user_id
Type: application/octet-stream
Size: 46 bytes
Desc: not available
Url : /pipermail/attachments/20050124/43aae5bd/dummy.obj
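Step 1 of the workaround needs a bare OpenPGP user ID packet that can be concatenated after the sk_*.key file (the attached dummy.user_id is such a packet, 46 bytes long). The following is an added example, not code from this message or from GnuPG: it builds a user ID packet with an old-format header exactly as RFC 4880 (section 4.2.1, tag 13) specifies, and includes a small packet-framing parser so you can check that the concatenated x.key is well formed (secret key / subkey packets followed by a user ID packet) before running gpg --import on it. The contents of the original dummy.user_id are not reproduced; the user ID string and the stand-in key packet below are constructed for illustration and are not a real key.

```python
"""Build and inspect a minimal OpenPGP user ID packet (RFC 4880, section 5.11).

Added example: mirrors step 1 (make a dummy user ID) and step 4 (concatenate it
after the backed-up secret key) of the workaround, and lets you check the
packet framing of the result offline.
"""

# Packet tags from RFC 4880 section 4.3 (only the ones this example needs).
TAG_SECRET_KEY = 5
TAG_SECRET_SUBKEY = 7
TAG_USER_ID = 13


def build_user_id_packet(user_id: str) -> bytes:
    """Return a user ID packet with an old-format header (bit 7 set, bit 6 clear,
    tag in bits 5..2, length-type in bits 1..0) followed by the UTF-8 user ID."""
    body = user_id.encode("utf-8")
    n = len(body)
    if n < 256:                      # length-type 0: one-octet length
        header = bytes([0x80 | (TAG_USER_ID << 2) | 0, n])
    elif n < 65536:                  # length-type 1: two-octet length
        header = bytes([0x80 | (TAG_USER_ID << 2) | 1]) + n.to_bytes(2, "big")
    else:                            # length-type 2: four-octet length
        header = bytes([0x80 | (TAG_USER_ID << 2) | 2]) + n.to_bytes(4, "big")
    return header + body


def parse_packets(data: bytes) -> list:
    """Split a binary OpenPGP stream into (tag, body) tuples.

    Handles old-format headers (length types 0-2) and new-format headers with
    one-, two- or five-octet lengths. Partial-body and indeterminate lengths
    are rejected; gpg never writes them for exported keys.
    """
    packets = []
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"invalid packet header 0x{ctb:02x} at offset {i}")
        i += 1
        if ctb & 0x40:                          # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                   # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError(f"truncated packet (tag {tag}) at offset {i}")
        packets.append((tag, body))
        i += length
    return packets


def has_key_then_user_id(data: bytes) -> bool:
    """True when the stream holds at least one secret key or secret subkey
    packet and a user ID packet appears after it, i.e. the layout step 4
    produces with `cat sk_*.key dummy.user_id > x.key`."""
    tags = [tag for tag, _ in parse_packets(data)]
    key_positions = [k for k, t in enumerate(tags) if t in (TAG_SECRET_KEY, TAG_SECRET_SUBKEY)]
    uid_positions = [k for k, t in enumerate(tags) if t == TAG_USER_ID]
    return bool(key_positions) and bool(uid_positions) and uid_positions[-1] > key_positions[0]


# Constructed stand-in for an exported secret subkey packet: correct framing
# (tag 7, one-octet length) but a meaningless body. It is NOT a real key.
FAKE_SECRET_SUBKEY = bytes([0x80 | (TAG_SECRET_SUBKEY << 2) | 0, 4]) + b"\x04KEY"

if __name__ == "__main__":
    dummy = build_user_id_packet("dummy")
    x_key = FAKE_SECRET_SUBKEY + dummy          # what `cat sk.key dummy.user_id` yields
    for tag, body in parse_packets(x_key):
        print(f"tag {tag:2d}  {len(body):3d} bytes")
    print("layout ok:", has_key_then_user_id(x_key))
```

Writing `build_user_id_packet("dummy")` to a file gives a drop-in replacement for the attachment; a 44-character user ID would reproduce the attachment's 46-byte size. Run `has_key_then_user_id` over the real x.key before step 5 to catch a truncated backup file or a `cat`/`copy /b` mistake early, since gpg's own error messages in this path are not very specific.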

