Using a GnuPG CCID card in another computer (follow-up)

Matthias Apitz guru at unixarea.de
Tue May 16 07:55:54 CEST 2017


On Monday, May 15, 2017 at 07:25:12 PM +0200, Matthias Apitz wrote:

> 
> Hello,
> 
> I have a GnuPG smart card OMNIKEY 6121 Mobile USB and configured its
> use in my FreeBSD 12-CURRENT netbook, generated keys and I'm able to use
> it to login with SSH into other servers (after moving the pub key to
> the server into ~/.ssh/authorized_keys); the only tricky part was to figure
> out how to enter the PIN behind 'ssh' --> 'gpg-agent' --> /usr/local/bin/pinentry
> 
> So far so good.
> 
> Now I wanted the same SIM in another FreeBSD workstation (at work), but when
> I do use it there, for example with 'gpg2 --card-status', there is no key in the
> card and as well 'gpg2 --export-ssh-key guru' does not know how to
> export the key due to missing pub key. 
> 
> Should I move the full content of ~/.gnupg as well to the 2nd computer?
> And if so, why? I was thinking that all the key material (apart from the
> backup) is on the SIM and I only need its PIN...

Follow-up.

I have now copied all the files below to the other workstation and now all is
fine there too, i.e. I can export the pub key with 'gpg2 --export-ssh-key guru'
and use it for SSH being asked for the PIN of the card. The files are:

$ ls -lR .gnupg
total 52
-rw-------  1 guru  wheel  2649 12 may.  22:41 dirmngr.conf
-rw-r--r--  1 guru  wheel    19 15 may.  11:41 gpg-agent.conf
-rw-------  1 guru  wheel  5191 12 may.  22:41 gpg.conf
drwx------  2 guru  wheel   512 14 may.  20:30 openpgp-revocs.d
drwx------  2 guru  wheel   512 14 may.  20:29 private-keys-v1.d
-rw-r--r--  1 guru  wheel  3573 14 may.  20:30 pubring.kbx
-rw-------  1 guru  wheel    32 12 may.  22:41 pubring.kbx~
-rw-------  1 guru  wheel   600 15 may.  09:58 random_seed
-rw-r--r--  1 guru  wheel     7 15 may.  15:21 reader_0.status
-rw-------  1 guru  wheel  1865 14 may.  20:29 sk_61F1ECB625C9A6C3.gpg
-rw-r-----  1 guru  wheel   676 15 may.  11:45 sshcontrol
-rw-------  1 guru  wheel  1280 15 may.  09:23 trustdb.gpg

.gnupg/openpgp-revocs.d:
total 4
-rw-------  1 guru  wheel  1799 14 may.  20:30 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11.rev

.gnupg/private-keys-v1.d:
total 24
-rw-------  1 guru  wheel  1873 14 may.  20:17 147F71A678B411855B4BCCC48FAEC8689B5E1C23.key
-rw-------  1 guru  wheel   615 14 may.  20:29 314DE72F03D41683E06A504769970A1643825B38.key
-rw-------  1 guru  wheel   617 14 may.  20:09 45BDBABA30A3511D507B8A08A28D425F7CD417C6.key
-rw-------  1 guru  wheel   615 14 may.  20:29 7E22A904DB3BE5A98F98AFDEED61DF1364DD949B.key
-rw-------  1 guru  wheel   615 14 may.  20:29 937BA1F6A95F68222EC2C6F9573100E17EE9522E.key
-rw-------  1 guru  wheel   617 14 may.  20:17 B0E0BFC22F116B541848DF6593B418BBB63C0CC0.key

When I generated the keys on the card (gpg2 --card-edit --> admin --> generate)
on May 14, I had to do this twice because I was logged out from the card due to
too long thinking about the passphrase for the backup of the key to the file
sk_61F1ECB625C9A6C3.gpg; one can see this on the time of the files below
.gnupg/private-keys-v1.d; the 2nd run started around 20:20 and was
successful at 20:29.

The question remains: Why do I have to move the files below .gnupg/ to
the other workstation? And what exactly are the files below
.gnupg/private-keys-v1.d?

Thanks

	matthias
-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045


