Decrypt RSA encrypted secret by using gpg authentication key stored on yubikey
Thomas Glanzmann
thomas at glanzmann.de
Thu Nov 2 14:41:23 CET 2017
Hello,
I have a yubikey that I use as gpg smartcard. On that yubikey I have an
authentication subkey. I uploaded the pubkey to AWS cloud. When I create
a Windows instance they use that pubkey to encrypt a password using RSA
to my privkey. Since my privkey is stored on the smartcard, I can't use
openssl to decrypt it.
So I'm looking of the equivalent of:
base64 -d /tmp/file | openssl rsautl -decrypt -inkey /path/to/aws/private/key.pem
Only that my key is not on the file system but the authentication key
stored on my gpg card.
Cheers,
Thomas
References:
https://docs.aws.amazon.com/cli/latest/reference/ec2/get-password-data.html#examples
https://serverfault.com/questions/603984/windows-password-wont-decrypt-on-aws-ec2-even-with-the-correct-private-key
More information about the Gnupg-users
mailing list