GPG/YubiKey/CentOS7

Wolfgang Traylor wolfgang.traylor at posteo.de
Sat Jun 22 09:41:46 CEST 2019


Hello Jen,

> gpg --export-secret-keys $KEYID | openpgp2ssh $KEYID

After moving your secret subkeys to a smartcard, the secret subkeys are not on your hard drive anymore. The secret parts are only on the smartcard then. And for security reasons you cannot export secret keys from your smartcard. The files of your secret keys you find in `~/.gnupg/private-keys-v1.d/` on your hard drive are only “stubs”.

> Can anyone tell me how to properly get the public key off of the yubikey to present to other servers?

The smartcard only stores the secret parts of your subkeys, not the public parts.

In order to use your GPG subkey (which has authentication function) for SSH, you can use the `gpg --export-ssh-key <KEYID>` command. This will give you the public part of your authentication key in SSH format. For this command you only need the public key in your keyring. The export has nothing to do with your smartcard.

I attached a little tutorial I once wrote for using GnuPG for SSH authentication. It worked for me on Arch Linux, Manjaro, and Linux Mint, but should apply to CentOS, too.

Best regards,
W. Traylor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg_for_ssh.md
Type: text/markdown
Size: 3232 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190622/29405c49/attachment-0001.bin>
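The stub/card distinction described in the message can be checked from GnuPG's machine-readable listing. The following is an added example, not part of the original message or its attachment: it parses `gpg --list-secret-keys --with-colons` output and reports which authentication-capable subkey has its secret part on a card. The function names are hypothetical, and the key IDs and card serial number in the sample listing are constructed.

```shell
#!/bin/sh
# Added example: classify secret keys from `gpg --list-secret-keys --with-colons`.
# Colon-format fields used here:
#   5  = key ID
#   12 = capabilities (lowercase a = this key itself can authenticate)
#   15 = token serial number if the secret part lives on a card,
#        "#" if the secret part is not available, "+" if it is on disk

# Constructed sample listing (key IDs and card serial number are made up).
sample_listing() {
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1546300800:::u:::scESCA:::#:::23::0:
uid:u::::1546300800::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1546300800::::::e:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1546300800::::::a:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1546300800::::::s:::+:::23:
EOF
}

# Reads a colon listing on stdin, prints "KEYID CAPABILITIES LOCATION" per key.
classify_secret_keys() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      if ($15 == "#")      where = "absent"      # no secret material locally
      else if ($15 == "+") where = "disk"        # secret key stored on disk
      else if ($15 != "")  where = "card:" $15   # stub pointing at a smartcard
      else                 where = "unknown"
      print $5, $12, where
    }'
}

# Prints the key IDs of authentication-capable keys whose secret part is on a card.
card_auth_keys() {
  classify_secret_keys | awk '$2 ~ /a/ && $3 ~ /^card:/ { print $1 }'
}

# Demo on the constructed sample. On a real system replace sample_listing with:
#   gpg --list-secret-keys --with-colons
sample_listing | card_auth_keys
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons` into `card_auth_keys`; the SSH-format public key itself still comes from `gpg --export-ssh-key <KEYID>`, as the message says. That command was added in GnuPG 2.1.11, so check `gpg --version` first.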

