gpg cards

jman gnupg-users at storiepvtride.it
Thu Jan 28 22:10:41 CET 2021


Hi!

Philipp Schmidt <philipp at knutschmidt.de> writes:

> I have tried to find something in the docs about this, but without
> success. For quite a while now, I am using a yubikey as gpg card and
> that is working really well. Since it is risky to have only one Key, I
> just purchased another one to create a clone of the first. So I went
> ahead and copied the very same keys from the backup to the second. But
> trying to actually use it does not work, I get an error like: 'please
> insert card: […]' So.

This is a known issue, have a look here [0]

> What can I do to make gpg use the card as well (if possible) ?

You can follow the guide in that repository and move your private key to
the Yubikey (be careful, once there the key *cannot* be moved anywhere
else) and configure gpg to retrieve the key there (I think by adding
`use-agent` in the gpg.conf file). Feel free to have a look here [1]

> Another thing I would really love to know is: Is it possible to use
> the gpg card as smartcard for the system login as well? Right now I am
> using the PIV functionality of the yubikey, but would really prefer to
> use one system.

AFAIK it is possible using the Yubikey PAM module [2] but never tested
and I don't know if it works for all use cases.

> Last but not least I am still on a quest for a setup to use Full Disk
> Encryption and Security Token to actually decrypt the Disk on boot.

Off the top of my head I can think of a setup using LUKS volumes but don't have
specific advice on the matter.

cheers,


[0] https://github.com/drduh/YubiKey-Guide/issues/19#issuecomment-458663857
[1] https://git.sr.ht/~jman/dotfiles/tree/master/item/gnupg/.gnupg
[2] https://developers.yubico.com/yubico-pam/


