GPG, subkeys smartcard and computer

Andrew Gallagher andrewg at andrewg.com
Sun Feb 19 11:24:10 CET 2017


> On 19 Feb 2017, at 08:41, Stefano Tranquillini <stefano.tranquillini at gmail.com> wrote:
> 
> Wait, if I've a subkey E (called E1) and I lose it (e.g. it was on the smartcard),
> can't I create a new E (called E2) from my master and decrypt the data? Or is the encrypted data decryptable only by the exact E (E1 in this case) that was used to encrypt it?

You need the *exact* subkey. This is why I make such a big deal about backups! Subkeys are not "created from" the primary, but completely at random. If you create a new subkey it will be completely different from any previous ones. Attaching the subkey to a primary is just a statement saying "don't use the primary key, use this subkey instead". The keys are not mathematically related. This is a feature! ;-)

> Can't I export the subkeys to a file and back up that file and then move the keys to the card? Will I be able to restore the keys if they get lost?

Easier to just back up the entire .gnupg directory. Why complicate the restore process?

A
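
Added example, not part of the original message: one way to take the whole-directory backup recommended above and confirm that it restores byte-for-byte before any key is moved to a card. The function names and paths are hypothetical, and GNU tar and `sha256sum` are assumed to be available.

```shell
#!/bin/sh
# Added example: archive a GnuPG home directory and check that the archive
# restores to identical files. Run it BEFORE moving any key to a smartcard.
# Usage (hypothetical paths): backup_gnupg "$HOME/.gnupg" /mnt/offline/gnupg.tgz
# Keep the archive outside the directory being archived.

# Print a sorted "hash  path" list of every regular file under $1.
# gpg-agent sockets (S.*) are skipped: they are runtime state, not key material.
manifest() {
    ( cd "$1" && find . -type f ! -name 'S.*' -exec sha256sum {} + | sort -k 2 )
}

# verify_backup SRC_DIR ARCHIVE
# Restore the archive into a scratch directory and compare file hashes
# against SRC_DIR. Returns 0 only if both trees are identical.
verify_backup() {
    scratch=$(mktemp -d) || return 1
    if ! tar -C "$scratch" -xzf "$2"; then
        rm -rf "$scratch"
        return 1
    fi
    if [ "$(manifest "$1")" = "$(manifest "$scratch")" ]; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return "$rc"
}

# backup_gnupg SRC_DIR ARCHIVE
# Write the archive readable by the owner only, then test-restore it.
backup_gnupg() {
    src=$1
    archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # Subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077 && tar -C "$src" --exclude='S.*' -czf "$archive" . ) || return 1
    verify_backup "$src" "$archive"
}
```

The archive contains secret key material, so it belongs on offline or encrypted media.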