Separate OpenPGP cards for master key and sub-keys

Peter Lebbing peter at digitalbrains.com
Sat Jun 8 12:50:23 CEST 2013


I thought of another way to get the key on the card. During on-card key
generation, you're prompted if you want to make a backup in a file.

Such a backup is just a bare OpenPGP secret key material packet. It doesn't
have key usage flags, so they can't be in the way either.

We can create an equivalent file that contains the key material from your
normal key, so we can move it to the card. Note that we disable a lot of
safety checks by GnuPG by manipulating it like this. But I just did some
testing with an empty OpenPGP v2 card and GnuPG 2.0.20, and I can reproduce
your problem: a key with just Certify ability will not be copied to a card;
the list of options is empty as you said. If I create a key with Certify and
Sign on the primary key, I /can/ move it to the card, and it will also
correctly issue certifications from the card.

To get a bare OpenPGP secret key material packet for your key (adapt to your
situation):

------------8<--------cut here-------->8------------

peter at tweek:~$ gpg2 -o bla.gpg --export-secret-keys AE2B4D8A
peter at tweek:~$ gpg2 --list-packets bla.gpg
:secret key packet:
        version 4, algo 1, created 1370686349, expires 0
        skey[0]: [4096 bits]
        skey[1]: [17 bits]
        iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: e627f9a2e13fb52d
[...]
^^^ Check that the secret key packet is a real secret key: it has a normal
String-to-Key specifier (S2K). What you don't want to see is "gnu-dummy S2K"
or "gnu-divert-to-card S2K" (although the latter is our goal).

peter at tweek:~$ cd tmp/
peter at tweek:~/tmp$ gpgsplit ../bla.gpg
peter at tweek:~/tmp$ ls
000001-005.secret_key  000003-002.sig            000005-002.sig
000007-002.sig
000002-013.user_id     000004-007.secret_subkey  000006-007.secret_subkey
peter at tweek:~/tmp$ gpg2 --edit-key AE2B4D8A
[...]
Secret key is available.

pub  4096R/AE2B4D8A  created: 2013-06-08  expires: 2013-06-15  usage: C
                     trust: ultimate      validity: ultimate
sub  2048R/34B258B1  created: 2013-06-08  expires: 2013-06-15  usage: S
sub  2048R/AF72E72E  created: 2013-06-08  expires: 2013-06-15  usage: E
[ultimate] (1). Testkey

gpg> toggle
[...]
gpg> bkuptocard 000001-005.secret_key
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]

Please select where to store the key:
   (1) Signature key
   (2) Encryption key
   (3) Authentication key
Your selection? 1
[...]
gpg> quit
Save changes? (y/N)
Quit without saving? (y/N) y

^^^ GnuPG thinks something has changed about the key. It has not, and it is
safe to save, but err on the side of caution anyway.

------------8<--------cut here-------->8------------

Now you have the key on the card. Obviously, you also still have the secret
key on your keyring. That copy has to go; but think about what you're doing
and if you still have backups. We already covered the case of two smartcards,
with the subkeys on a separate smartcard, elsewhere in the thread. I'm just
going to throw away the secret key now, but obviously I also lose the subkeys
in the process. So think about what you're doing.

peter at tweek:~$ gpg2 --delete-secret-keys AE2B4D8A
[...]
peter at tweek:~$ gpg2 --card-status
[...]
Signature key ....: 522A 0C00 D2B3 E5A0 2003  0F7E 4E70 3236 AE2B 4D8A
      created ....: 2013-06-08 10:12:29
Encryption key....: [none]
Authentication key: [none]
General key info..: pub  4096R/AE2B4D8A 2013-06-08 Testkey
sec>  4096R/AE2B4D8A  created: 2013-06-08  expires: 2013-06-15
                      card-no: 0005 0000106E
ssb#  2048R/34B258B1  created: 2013-06-08  expires: 2013-06-15
ssb#  2048R/AF72E72E  created: 2013-06-08  expires: 2013-06-15

Et voilà, we have the needed stub. Let's see what the secret key looks like:

peter at tweek:~$ gpg2 --export-secret-keys AE2B4D8A|gpg --list-packets
:secret key packet:
        version 4, algo 1, created 1370686349, expires 0
        skey[0]: [4096 bits]
        skey[1]: [17 bits]
        gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0

That's correct! And it also works: I could certify another test key with my
smartcard.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list