Backup-Option of 'card-edit->generate' not working as intended?

Alexander Paetzelt | Nitrokey alex at nitrokey.com
Sat Aug 5 13:23:01 CEST 2017


Hello,

I have really tried a lot now, and after fully reading this discussion
https://lists.gt.net/gnupg/users/80661#80660 and after getting a
confirmation and a suggestion from a user about what is probably going
wrong, I hope you can help me and maybe fix the problem.

*What I want to do*
Create a key for a gnupg smartcard and have a backup of the whole
keypair in case the stick gets broken, or just to copy the keys
to another stick. To keep it simple, I tried the generation option of
gpg, which is intended to create the keypair and insert it into the card,
or respectively create the keys on the card. This also has a backup option.

*What I tried*
- inserting a new/reset keycard
- 'gpg --card-edit' -> 'admin' -> 'generate'
- I am asked whether I would like to have a backup generated. Oh yes,
that would be great!
- After completion I am told that the backup is in .gnupg/sk_xxxxx.gpg
- This backup can be imported into a keyring, but it neither asked for a
passphrase nor contains a valid private key.
- The very same seems to be done by Enigmail's function to generate keys
on smartcards
- It is basically what is shown here
https://www.gnupg.org/howtos/card-howto/en/ch03s03.html

*What seems to happen*
- The 'backup' probably only contains one of the three keys generated in
the process and therefore cannot fully restore the keys of the card
- Furthermore, the secret key seems not to be included or cannot be imported

*What I would wish/expect from the creation with backup*
I would have thought that the backup file contains everything needed to
restore the key otherwise secured in the card, even the passphrase-protected
privkey. So either the term "backup" is misleading or
something goes wrong in the process.

Do you have any idea what I may be doing wrong or what we can do about it?

I am fully aware that I can first create a keypair with subkeys and then
import them into the card. It would just be great if there were an
easier option for users, as this option is far more complex.

I am using gpg 2.1.21.

Thank you in advance for your help! Please tell me if anything in my
explanation is unclear.

Kind regards
Alex
