Using a GnuPG CCID card in another computer (follow-up)
Damien Goutte-Gattat
dgouttegattat at incenp.org
Tue May 16 10:10:28 CEST 2017
On 05/16/2017 07:55 AM, Matthias Apitz wrote:
> The question remains: Why do I have to move the files below .gnupg/ to
> the other workstation?
The card only contains the private keys. GnuPG also needs some
information that is only contained in the public parts, such as the
User IDs associated with the key and the bindings between a primary key
and its subkeys.
So while you do not have to move *all* the files below .gnupg, you at
least need to import your *public* key onto your other workstation.
(That's why the card editor of GnuPG has a "fetch" command. The idea is
that you put your public key in a publicly-accessible location, and make
the "URL" field of your card point to that location. With that, upon
arriving onto a new computer--with an empty or nonexistent .gnupg--, you
can get a working setup just by inserting your card, firing up the card
editor, and using the "fetch" command.)
> And, what are the files below .gnupg/private-keys-v1.d exactly?
They normally contain the private keys themselves. When the private keys
are stored on a smartcard, they are "stubs", whose purpose is to inform
GnuPG that the keys are on a smartcard (notably, they contain the serial
number of said smartcard).
GnuPG should normally re-create those stubs automatically if they do not
exist when you run the --card-status command, so you should not have to
copy them over manually.
What is troubling in your experience is that you said there was "no key
in the card" when you first ran "gpg2 --card-status" on the new
workstation. I have no explanation for that.
Damien
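
The stubs described in the message above can be checked without opening the files: in the output of `gpg --list-secret-keys --with-colons`, field 15 of each `sec`/`ssb` record holds the card serial number when the entry is a smartcard stub. The following is an added example, not part of the original message; the function names and the sample listing (key IDs, card serial) are constructed.

```shell
#!/bin/sh
# Added example. Field 15 of sec/ssb records (GnuPG doc/DETAILS):
#   <serial>  key is a stub pointing at the smartcard with that serial
#   "#"       stub without secret material (e.g. an offline primary key)
#   "+"       secret key is stored locally in private-keys-v1.d

# Reads a colon listing on stdin; prints "<keyid> <location>" per sec/ssb record.
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            sn = $15
            if (sn == "+")       loc = "local"
            else if (sn == "#")  loc = "missing"
            else if (sn != "")   loc = "card:" sn
            else                 loc = "unknown"
            print $5, loc
        }'
}

# Succeeds only if there is at least one sec/ssb record and every one of
# them is a stub for the given card serial.
all_keys_on_card() {
    serial=$1
    classify_secret_keys | awk -v want="card:$serial" '
        { n++; if ($2 != want) bad++ }
        END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# Constructed sample listing (not real keys): a primary key and one subkey,
# both stubs pointing at a card with the placeholder serial below.
SAMPLE_SERIAL=D2760001240102010005000012340000
sample_listing() {
    cat <<EOF
sec:u:2048:1:AAAAAAAAAAAAAAAA:1494000000:::u:::scESC:::$SAMPLE_SERIAL:::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1494000000::0000000000000000000000000000000000000000::Constructed User <user@example.org>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1494000000::::::e:::$SAMPLE_SERIAL:::23:
EOF
}

# On a real workstation:
#   gpg --list-secret-keys --with-colons | classify_secret_keys
sample_listing | classify_secret_keys
```

An empty result on the new workstation means the public key has not been imported or the stubs have not been created yet.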