Single GPG key and multiple yubikeys

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Feb 26 12:43:54 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/26/2016 12:31 PM, Martin Konold wrote:
> Am Donnerstag, 25. Februar 2016, 15:56:32 CET schrieb Peter
> Lebbing:
> 
> Hi,
> 
>> Note that it is very impractical to regularly use two smartcards
>> on the same computer because of all this. You should probably
>> stick to using a single smartcard on any single computer.
> 
> In case there is an urgent need to use two smartcards on the same
> computer and account I recommend to make use of scdaemon.conf and
> seperate GNUHOME directories. You may then differentiate between
> the two cards with the gpg -- homedir commandline option.

This sounds somewhat complex given that the it'd require duplication
of configuration and pubring and a separate private key store. A
workaround currently could be to remove the specific keygrip files
from private-keys-v1.d (for gnupg 2.1) for the known stubs and doing a
gpg-connect-agent learn /bye or gpg --card status during e.g smartcard
attachment in an udev rule etc, etc.

But see the thread "Re: stub-key migration from gpg 1.4/2.0 to 2.1"
where it is also discussed some options.

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJW0Dp1AAoJECULev7WN52Fh+0H/Ruw6bBUfAXrwzqf2Z0hi1YB
E3Uuz6GD0U1/1x8C682VriZPoKrW7PYNCQnWHG3/+FV8QvUJoYvbyW0UYX9bjFVl
QFSgDVi7aSVNDoVnUpHpC92CBvm5p4VCcocki3a/5umsncT8ka2o9VoA8sPm9g/u
GGooX59Y9Dyd3K9PpHdn7oai2S9NeWoKsNxaPeIS4mFmtAikJ3e8yVZkJDSnr5x0
TB8s0cVWdc3+4y/FLR/9BtQRFoJ4HEeYjZQVadCB5U9xVtydiaPGE8Oc0xPgCUjW
x81pHi6/NCHKPBDoS5SNhUhIymiblmV9NJp1v4FEunHhHH5mlHo9Yt1XhlvwVis=
=dZCh
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list