GnuPG card && using the backup secret key

Matthias Apitz guru at unixarea.de
Mon Jun 12 20:12:57 CEST 2017


Please note: I have changed the Subject: of the thread to match better
the real problem. 

While generating the keys on the GnuPG card, one can (and should)
create a backup of the secret key in a file. It is totally unclear
to me how to make something useful out of this file, for example import
it into a "normal" secret keyring to use it in case the GnuPG card
gets lost.

I followed some hints from Damien Goutte-Gattat (thanks) and did:

> > First, remove the private key stubs:
> > 
> >    $ rm ~/.gnupg/private-keys-v1.d/*.key
> > 
> > Then, import your backup:
> > 
> >    $ gpg2 --import backup.gpg
> > 
> > You will then be prompted for the passphrase you chose when the backup
> > was created.
> 
> I did what you suggested, but:
> 
> $ pwd
> /home/guru/.gnupg-test
> $ rm -f private-keys-v1.d/*.key
> $ GNUPGHOME=/home/guru/.gnupg-test export GNUPGHOME
> $ gpg2 --import sk_61F1ECB625C9A6C3.gpg
> gpg: key 61F1ECB625C9A6C3: no user ID
> gpg: Total number processed: 1
> gpg:       secret keys read: 1
> $ ls -l sk_61F1ECB625C9A6C3.gpg
> -r--------  1 guru  wheel  1865 May 14 20:29 sk_61F1ECB625C9A6C3.gpg
> 
> the file is what was written as backup on May 14.
> 

With Don Google I found this older thread in this mailing list here:

https://lists.gt.net/gnupg/users/40851

where Werner said after some (today outdated) hints:

«... 
Put a "disable-scdaemon" into gpg-agent.conf, give gpg-agent a HUP and
check that no scdaemon is running anymore (you may just kill it). Then
use "gpg --no-use-agent --edit-key". The command "bkuptocard" may then
be used to store a backup key on a card.

Yes, we really need a howto on recovering smartcard keys. ...»

Was such a howto ever written?

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
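
The `no user ID` line in the import output above refers to the OpenPGP User ID packet (tag 13 in RFC 4880). As an added example that is not part of the original message, the following Python lists the packet tags in a binary key file so one can check whether a backup file carries such a packet; the sample byte strings are constructed with dummy bodies and are not taken from a real card backup, and the function names are hypothetical.

```python
# Added example: walk OpenPGP packet headers (RFC 4880, section 4.2).

def list_packets(data: bytes):
    """Return [(tag, body_length), ...] for a binary OpenPGP stream."""
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"offset {i}: not an OpenPGP packet header")
        i += 1
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            first = data[i]
            if first < 192:                 # one-octet length
                length, i = first, i + 1
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + data[i + 1] + 192
                i += 2
            elif first == 255:              # five-octet length
                length = int.from_bytes(data[i + 1:i + 5], "big")
                i += 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:                  # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype              # 1, 2 or 4 length octets
                length = int.from_bytes(data[i:i + n], "big")
                i += n
        if i + length > len(data):
            raise ValueError(f"packet tag {tag} is truncated")
        packets.append((tag, length))
        i += length
    return packets

def has_user_id(data: bytes) -> bool:
    return any(tag == 13 for tag, _ in list_packets(data))  # 13 = User ID

# Constructed sample inputs (dummy bodies, not real key material).
BARE_SECRET_KEY = bytes([0x95, 0x01, 0x00]) + bytes(256)     # old format, tag 5
WITH_USER_ID = (BARE_SECRET_KEY
                + bytes([0xCD, 0x05]) + b"alice"              # new format, tag 13
                + bytes([0x89, 0x00, 0x02]) + bytes(2))       # old format, tag 2

if __name__ == "__main__":
    for blob in (BARE_SECRET_KEY, WITH_USER_ID):
        print(list_packets(blob), "user ID present:", has_user_id(blob))
```

On a real file, `gpg2 --list-packets <file>` prints the same packet sequence.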