newbie and smartcard, I'm lost.

Didier gnupg-users at
Fri Sep 13 15:33:16 CEST 2013

I'm a newbie ... and I would like to do file and mail encryption from
different PCs at different locations with gnupg.
In any case I would not like to copy my private key to other PCs!
As far as I understood, using a smartcard was the ideal solution as I
won't have to store my private keys on each PC. I would simply have to
use my smartcard f.ex. to encrypt a file with my private key on a
given PC when I need to.

Here is what I did so far, I generated keys on the card:
a) gpg2 --card-edit, and after admin command.
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Test
Name must be at least 5 characters long
Real name: Test Test
Email address: test at
You selected this USER-ID:
    "Test Test "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key 7289B2FC marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/7289B2FC 2013-09-13
      Key fingerprint = F699 1939 18B7 C5E1 B01D  2D43 17D9 B703 7289 B2FC
uid                  Test Test 
sub   2048R/9899BBE7 2013-09-13
sub   2048R/9E5C75ED 2013-09-13

1) Why did gpg create a secret key file secring.gpg in the
%appdata%gnupg directory, shouldn't the secret key file only be
stored on the smartcard?
Here is a dir of %appdata%gnupg (the files generated at 15:00 were
created with the card admin generate command???)
13-Sep-13  14:50              private-keys-v1.d
13-Sep-13  15:00             1.751 pubring.bak
13-Sep-13  15:02             1.751 pubring.gpg
13-Sep-13  14:50                 0 pubring.gpg.lock
13-Sep-13  14:50                 8 reader_0.status
13-Sep-13  14:50                22 S.gpg-agent
13-Sep-13  14:50                22 S.scdaemon
13-Sep-13  15:00             1.826 secring.gpg
13-Sep-13  14:50                 0 secring.gpg.lock
13-Sep-13  15:02             1.280 trustdb.gpg
13-Sep-13  14:50                 0 trustdb.gpg.lock

Now I'm simulating a move to another computer and I'm renaming
%appdata%gnupg to %appdata%gnupg.old
Now I'm reissuing the "gpg2 --card-status" command:
gpg: keyring `C:/Users/test/AppData/Roaming/gnupg/secring.gpg' created
gpg: keyring `C:/Users/test/AppData/Roaming/gnupg/pubring.gpg' created
Application ID ...: D2760001240102000005000013B10000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 000013B1
Name of cardholder: Test Test
Language prefs ...: fr
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ..: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 5
Signature key ....: F699 1939 18B7 C5E1 B01D  2D43 17D9 B703 7289
      created ....: 2013-09-13 12:59:23
Encryption key....: E0A0 95F9 646A 95ED F3E5  49A2 428B F92C 9E5C
      created ....: 2013-09-13 12:59:23
Authentication key: B925 6ED8 BEF6 F17F 7A4D  4E4E F5DC BD13 9899
      created ....: 2013-09-13 12:59:23
General key info..: [none]

2) Why is "General key info" empty now? 
If I do a gpg2 --list-keys, no keys are listed anymore. 
3) How can I encrypt a mail or file with my smartcard now on another
PC without copying any files?

Thank you very much for helping me!!!!
