GnuPG card && using the backup secret key
Matthias Apitz
guru at unixarea.de
Mon Jun 12 20:12:57 CEST 2017
Please note: I have changed the Subject: of the thread to match better
the real problem.
During generating the keys on the GnuPG card, one can (and should)
create some backup of the secret key into a file. It is totally unclear
to me how to make something usefull out of this file, for example import
it into a "normal" secret keyring to use it in case of the GnuPG acrd
gots lost.
I followed some hints of Damien Goutte-Gattat (thanks) and did:
> > First, remove the private key stubs:
> >
> > $ rm ~/.gnupg/private-keys-v1.d/*.key
> >
> > Then, import your backup:
> >
> > $ gpg2 --import backup.gpg
> >
> > You will then be prompted for the passphrase you choose when the backup
> > was created.
>
> I did what you suggested, but:
>
> $ pwd
> /home/guru/.gnupg-test
> $ rm -f private-keys-v1.d/*.key
> $ GNUPGHOME=/home/guru/.gnupg-test export GNUPGHOME
> $ gpg2 --import sk_61F1ECB625C9A6C3.gpg
> gpg: key 61F1ECB625C9A6C3: no user ID
> gpg: Total number processed: 1
> gpg: secret keys read: 1
> $ ls -l sk_61F1ECB625C9A6C3.gpg
> -r-------- 1 guru wheel 1865 May 14 20:29 sk_61F1ECB625C9A6C3.gpg
>
> the file is what was swritte as backup on May 14.
>
With Don Google I found this older thread in this mailing list here:
https://lists.gt.net/gnupg/users/40851
where Werner said after some (today outdated) hints:
«...
Put a "disable-scdaemon" into gpg-agent.conf, give gpg-agent a HUP and
check that no scdaemon is running anymore (you may just kill it). Then
use "gpg --no-use-agent --edit-key". The command "bkuptocard" may then
be used to store a backup key on a card.
Yes, we really need a howto on recovering smartcard keys. ...»
Was such a howto ever written?
Thanks
matthias
--
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170612/8cc65c15/attachment.sig>
More information about the Gnupg-users
mailing list