Single GPG key and multiple yubikeys

Richard Genthner richard.genthner at wheniwork.com
Thu Feb 25 15:58:30 CET 2016


Yeah, what I'm hoping to do is be able to carry my card with me and jump 
on a terminal while traveling and sign and login to things.

> Peter Lebbing <mailto:peter at digitalbrains.com>
> February 25, 2016 at 9:56 AM
>
>
> gpg --delete-secret-keys XXX
>
> But don't do this when your primary key is on-disk, only do this when 
> all your secret key material is stubs.
>
> Note that it is very impractical to regularly use two smartcards on 
> the same computer because of all this. You should probably stick to 
> using a single smartcard on any single computer.
>
> HTH,
>
> Peter.
>
> Kristian Fiskerstrand <mailto:kristian.fiskerstrand at sumptuouscapital.com>
> February 25, 2016 at 9:48 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Delete the stubs and do gpg --card-status to learn of the new smartcard
>
>
> - -- 
> - ----------------------------
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> - ----------------------------
> Public OpenPGP key at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> - ----------------------------
> Aquila non capit muscas
> The eagle does not hunt flies
> -----BEGIN PGP SIGNATURE-----
>
> iQEcBAEBCgAGBQJWzxQsAAoJECULev7WN52FVoIIAMSkMuc0/v01e9qHYsC7GL+K
> eVbUBKtZlmOQIhigVs9dU5hXYVMs9kGLDkCmPQJ8M38VzkpELtwOXUiZq7Bm/4rn
> 5NEvzL+PBbHfYo+yAn5ddhUv/usQP3dxVjKNDAF7vsf7arETiddDcuz3xJ6xdDaJ
> A3DlqfTAMqzZaOi0iSMMniXcyn/YsMzoB+WXF0FAKzWZQRuh/BOdfV9h/jZTRShe
> 4WKP26KBwCKViJQGfOzdwIfsSUG54eCh5nL+sMmkBBR942hDQceLcJtw1QRLZc5e
> 0lZqQrVHciJRSOClL4Tr8T5lp2dlVGVb2QepMfsFZNX1JXVBqkgCnBCId/EIxKQ=
> =xZws
> -----END PGP SIGNATURE-----
> Richard Genthner <mailto:richard.genthner at wheniwork.com>
> February 25, 2016 at 9:44 AM
> How do I delete the stubs with out deleting key? and when I do gpg 
> --card-status never updates the application id.
>
>
> Richard Genthner <mailto:richard.genthner at wheniwork.com>
> February 25, 2016 at 8:38 AM
> So I have a single gpg key for work with 3 sub keys. I have copied it 
> to a yubikey nano just fine. Removed the yubi and removed my gpg key 
> and then reimported the gpg key and inserted yubikey number two and 
> did keytocard again for the second yubikey. When ever I do
>
> ssh -l git github.com
>
> gpg-agent[99732]: chan_10 -> SETDESC Please remove the current card 
> and insert the one with serial number:%0A%0A  
> "D2760001240102010006041632600000"

-- 
Richard Genthner

Sr DevOps Engineer

When I Work, Inc. <http://www.wheniwork.com/>

St Paul, MN


Meet Sam <https://www.youtube.com/watch?v=AQ4NuyrZTPc>orGet a free 
T-Shirt here. 
<http://bit.ly/1ENa2Hv><https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160225/5097a9e5/attachment-0001.html>


More information about the Gnupg-users mailing list