Obtaining Key Stubs From Smartcard

Bagel Alderman bagel.alderman at protonmail.com
Wed Jan 3 23:42:19 CET 2018


I've been trying to learn to use GnuPG and have hit a spot of trouble. My goal is to set up an off-line master key with a sub-key each for signing, encryption and authentication, and to keep the sub-keys on a smart card (Yubikey) for convenient use.
To prepare for the inevitable moment I destroy/lose my Yubikey, I want to keep a copy of my sub-keys on my backup Yubikey as well. So far I have been able to manage this by using keytocard, deleting the local stubs, and importing the sub-keys from a backup. Using this method, the most recent Yubikey to have keys moved to it is listed as the key which contains the sub-keys.
My concern is this: If I do lose my Yubikey, I won't be able to use my backup Yubikey without first deleting current stubs, importing my backup sub-keys, and keytocard-ing them to the backup Yubikey, since my machine thinks the stubs only exist on the lost/destroyed smart card.
I've heard several say that the workaround is to use gpg --card-status to create key stubs from the currently inserted smart card, but so far I haven't had any luck getting that to work, neither on my Ubuntu machine nor on my Windows 7 box.

Can anyone tell me why gpg --card-status isn't creating key stubs (even after the original stubs are deleted)? It displays card information, but that seems to be all it does.

Ubuntu 16.04 using GnuPG v2.1.11 installed/updated with apt
Windows 7 using GnuPG v2.2.3 via gpg4win