Decrypt RSA encrypted secret by using gpg authentication key stored on yubikey

Thomas Glanzmann thomas at
Thu Nov 2 14:41:23 CET 2017

I have a yubikey that I use as gpg smartcard. On that yubikey I have an
authentication subkey. I uploaded the pubkey to AWS cloud. When I create
a Windows instance they use that pubkey to encrypt a password using RSA
to my privkey. Since my privkey is stored on the smartcard, I can't use
openssl to decrypt it.

So I'm looking of the equivalent of:

base64 -d /tmp/file | openssl rsautl -decrypt -inkey /path/to/aws/private/key.pem

Only that my key is not on the file system but the authentication key
stored on my gpg card.



More information about the Gnupg-users mailing list