Using Yubikey only to encrypt/sign
Farhan Khan
farhan at farhan.codes
Mon Feb 18 21:35:30 CET 2019
February 18, 2019 2:35 AM, "Andrew Gallagher" <andrewg at andrewg.com> wrote:
>> On 18 Feb 2019, at 05:19, Farhan Khan via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>
>> How does one utilize *just* the yubikey (or OpenPGP smartcard in general) to
>> encrypt, sign, or decrypt? This might be in a scenario where I only have the
>> keys on my card but not on disk such as while traveling. I can confirm that
>> 'gpg --card-status' lists the keys as present.
>>
>> I am simulating this scenario by moving ~/.gnupg to another directory, but
>> running 'gpg --list-keys' does not list the key as present.
>
> You need to download the public key of the secret keys you are about to use, and then run
> `gpg --card-status` again. After that it Should Just Work.
>
> A
>
Hey Andrew,

I was given the message "gpg: decryption failed: No secret key". I ran this:

    mv .gnupg .gnupg.bak
    gpg --card-status
    cat encrypted_message | gpg --decrypt

This gave me the warning message:

    gpg: encrypted with 2048-bit RSA key, ID BF0F750DB428FFFF, created 2019-02-18
          "Farhan Khan <farhan at farhan.codes>"
    gpg: public key decryption failed: Invalid ID
    gpg: decryption failed: No secret key

When I run gpg --list-secret-keys, I see the serial number listed for my card.
I suspect this is a gpg-agent issue?

Thanks,
---
Farhan Khan
PGP Fingerprint: 7BEF 02AB 89AF 9581 194D 57F1 BF0F 750D B428 FFFF