gnupg-users at storiepvtride.it
Thu Jan 28 22:10:41 CET 2021
Philipp Schmidt <philipp at knutschmidt.de> writes:
> I have tried to something in the docs about this, but without
> success. For quite a while now, I am using a yubikey as gpg card and
> that is working really good. Since it is risky to have only one Key, I
> just purchased another one to create a clone of the first. So I went
> ahead and copied the very same keys from the backup to the second. But
> trying to actually use does not work, I get an error like: 'please
> insert card: […]' So.
This is a known issue, have a look here 
> What can I do to make gpg use the card as well (if possible) ?
You can follow the guide in that repository and move your private key to
the Yubikey (be careful, once there the key *cannot* be moved anywhere
else) and configure gpg to retrieve the key there (I think by adding
`use-agent` in the gpg.conf file). Feel free to have a look here 
> Another thing I would really love to know is: Is it possible to use
> the gpg card as smartcard for the system login as well? Right now I am
> using the PIV functionality of the yubikey, but would really prefer to
> use one system.
AFAIK it is possible using the Yubikey PAM module  but never tested
and I don't know if it works for all use cases.
> Last but not least I am still on a quest for a setup to use Full Disk
> Encryption and Security Token to actually decrypt the Disk on boot.
Off the top of my head I can think of a setup using LUKS volumes but don't have
specific advice on the matter.
More information about the Gnupg-users