gnupg and smartcard -> recovery issues

listac at nebelschwaden.de listac at nebelschwaden.de
Tue Oct 27 10:49:22 CET 2009


Hello,

I am currently struggling with smartcard and gnupg. The basic stuff
works, but where it gets interesting the howtos I've found end and I am
not able to figure out how to do it correctly:


Scenario 1:
I have created a key on the disk (ordinary way, without card) and now
decide that I want to use the card instead. And only the card. So I issue
an --edit-key <ID> and toggle && keytocard.

I remove the card and try to decrypt a file. Decrypting still works
without a card being inserted and the password instead of the PIN. Ok, not
what I intended, but somewhat comprehensible, as the key is still on
drive.

No problem, so I completely remove the .gnupg folder, do a --list-key for
it to be recreated, insert the card and try to decrypt the file. Gnupg
complains about "no valid OpenPGP Data found" (translated from German).
Even though the key is visible with --card-status.

Now, what is really most important to me and what I would like to know: 
What to do / how to use the card on a virgin system?


Scenario 2:
Virgin System again, I create the key on the card with the backup key
written to disk. Now I have some cryptical_name.gpg file.

However, someday, that's all I have left. I've lost the card, I've lost
the .gnupg folder and all my backup tapes.

All I have is the cryptical_name.gpg on some rescued USB stick. Just, how
do I get this key back on my card please?

#gpg --import sk_13510880590EE2D4.gpg
gpg: key 590EE2D4: no user ID
gpg: Total number processed: 1
gpg:       secret keys read: 1

#gpg --allow-secret-key-import sk_13510880590EE2D4.gpg
sec  1024R/590EE2D4 2009-10-27

#gpg --allow-secret-key-import --import sk_13510880590EE2D4.gpg
gpg: key 590EE2D4: no user ID
gpg: Total number processed: 1
gpg:       secret keys read: 1


But: gpg --list[-secret-key] never shows anything.

This behaviour is true for gnupg1.4x on linux as well as the latest
gpg4win, using gnupg2.0.12.
I haven't managed to find any linux distribution so far, where gnupg2 is
working with my card or reader. But that'll be another post.
Card is the kernelconcepts gnupg card v2.0. Reader a Dell Keyboard reader.

Last question:
Is there any way to copy the key on the card to the drive? Or do a
backup after generation?

Thanks to anyone who took time to read and tries to help.



