Setting up two identical Yubikeys - specific error

Dima Stopel dima at stopel.org
Thu May 10 21:23:17 CEST 2018


The issue is solved by using gpg2.


Didn't work with: gpg (GnuPG) 1.4.20

Works with: gpg (GnuPG) 2.1.11


Thanks and sorry for the spam

________________________________
From: Dima Stopel
Sent: Thursday, May 10, 2018 9:43:07 PM
To: gnupg-users at gnupg.org
Subject: Setting up two identical Yubikeys - specific error


Hi all


My goal is to set up two Yubikeys (YK1 and YK2) with the same GPG keys (one to use daily and one for backup). Following this (https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4) tutorial I created a signing key and two subkeys, one for encryption and one for authorization.


Keys were moved to YKs successfully and I backed up everything including stubs for both YKs.


Stubs were exported using: gpg --armor --output stubs.asc --export-secret-keys <longid>

Then I did the following:

1. Import public key and stubs(YK1) on another computer: gpg --import public.asc stubs1.asc
2. Encrypt a message with the public key: gpg -e -r <longid> file.txt
3. Decrypt the message with: gpg -d file.txt.gpg
4. Being asked to insert YK1 and insert PIN
5. Decryption went successfully

Then I wanted to test YK2 and I used the same file.txt.gpg, as I used before (didn't encrypt a new one). So I did the following:

1. Delete private stubs: gpg --delete-secret-keys <longid>
2. Import stubs (YK2): gpg --import stubs2.asc
3. Decrypt the message with: gpg -d file.txt.gpg
4. Being asked to insert *YK2* and insert PIN
5. While I insert PIN I see the error below (I am sure the PIN is correct):

$ gpg -d text.txt.gpg

Please enter the PIN
gpg: verify CHV2 failed: invalid passphrase
gpg: encrypted with 2048-bit RSA key, ID 701E4F69, created 2018-05-10
      "Dima Stopel <dima at stopel.org>"
gpg: public key decryption failed: invalid passphrase
gpg: decryption failed: secret key not available

What am I doing wrong?

Thanks


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180510/9055ebe5/attachment-0001.html>


More information about the Gnupg-users mailing list