Using two OpenPGP cards

Romain LT romain.lebrun-thauront at
Fri Oct 29 23:45:58 CEST 2021


I'm not sure to grasp the entirety of the problematic but I though that should be mention :

From  'man pass' :

      Initialize new password storage and use gpg-id
      for encryption. Multiple gpg-ids may be
      specified, in order to encrypt each password
      with multiple ids. This command must be run
      first before a password store can be used. If
      the specified gpg-id is different from the key
      used in any existing files, these files will
      be reencrypted to use the new id.  Note that
      use of gpg-agent(1) is recommended so that the
      batch decryption does not require as much user
      intervention. If --path or -p is specified,
      along with an argument, a specific gpg-id or
      set of gpg-ids is assigned for that specific
      sub folder of the password store. If only one
      gpg-id is given, and it is an empty string,
      then the current .gpg-id file for the
      specified sub-folder (or root if unspecified)
      is removed.

If you can get the 2 keys on your PC or the 2 keys on your phone you can add your new key or even replace the old with the new one by running 'pass Id ...'

On October 29, 2021 9:00:28 PM GMT+02:00, Matthias Apitz <guru at> wrote:
>For some years I do use an OpenPGP card with GnuPG to encrypt all my
>passwords (and other secrets). The passwors are managed with
>password-store which is basically a tree of passwords along the web
>sites where they're required to login. 
>I got now a mobile phone device, running Debian, the Purism L5, which
>has its own OpenPGP card (until now no set up):
>purism at pureos:~$ gpg --card-status
>Reader ...........: TTXS serial 00 00
>Application ID ...: D27600012401030400050000A6FE0000
>Application type .: OpenPGP
>Version ..........: 3.4
>Manufacturer .....: ZeitControl
>Serial number ....: 0000A6FE
>Name of cardholder: [not set]
>Language prefs ...: de
>Salutation .......:
>URL of public key : [not set]
>Login data .......: [not set]
>Signature PIN ....: forced
>Key attributes ...: rsa2048 rsa2048 rsa2048
>Max. PIN lengths .: 64 64 64
>PIN retry counter : 3 0 3
>Signature counter : 0
>KDF setting ......: off
>Signature key ....: [none]
>Encryption key....: [none]
>Authentication key: [none]
>General key info..: [none]
>The question here is: Can I somehow transfer the keys from the used
>OpenPGP card to this new card (and copy over the tree of encrypted
>passwords to the phone) or do I have to move the passwords in clear and
>crypt them again with the new card?
>	matthias
>Matthias Apitz, ✉ guru at, +49-176-38902045
>Public GnuPG key:
>August 13, 1961: Better a wall than a war. And, while the GDR was still existing,
>no German troups and bombs have been killed in Yugoslavia, Afghanistan, Afrika...
>Gnupg-users mailing list
>Gnupg-users at

5TC - Département Telecommunication, Services et Usages
Responsable Logistique du Karnaval Humanitaire

** Please consider using PGP to communicate with me, encrypt your
My key's fingerprint: 912B 29BE EDBE 8E73 8E3F 8758 869E 9A75 3DCA 4320
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gnupg-users mailing list