"gpg --card-edit" with multiple card readers (Yubikey)

Juanjo villapla+gnupg-users at uji.es
Fri Jul 14 12:06:57 CEST 2023


On Mon, Jul 10, 2023 at 3:54 PM Bernhard Reiter <bernhard at intevation.de> wrote:
>
> Michael,
>
> On Friday, 07 July 2023 20:32:15, Michael Richardson wrote:
> >     > I should eventually describe the environment.
> >
> > Yes please.
> > Could it go into a wiki page or something that people can comment on and/or
> > amend?
>
> feel free to open a page with the info that Werner has already given on
>   https://wiki.gnupg.org

This may be a good starting point: https://github.com/drduh/YubiKey-Guide

In fact, there I finally found how to set the default Yubikey used by
"gpg --card-edit" when you have multiple keys inserted (remember
AlmaLinux9, gnupg2-2.3.3-2.el9_0.x86_64):

$ ykman list
YubiKey 5 NFC (5.4.3) [CCID] Serial: 18137XXX
YubiKey 5 NFC (5.4.3) [CCID] Serial: 18137YYY
YubiKey 5 NFC (5.4.3) [CCID] Serial: 18137ZZZ
$
$ gpg --card-status | grep -E "^Reader|^Application ID|^Serial number"
Reader ...........: Yubico YubiKey CCID 03 00
Application ID ...: D276000124010000000618137XX0000
Serial number ....: 18137XXX
$
$ gpg --card-status all | grep -E "^Reader|^Application ID|^Serial number"
Reader ...........: Yubico YubiKey CCID 03 00
Application ID ...: D276000124010000000618137XXX0000
Serial number ....: 18137XXX
Reader ...........: Yubico YubiKey CCID 02 00
Application ID ...: D276000124010000000618137YYY0000
Serial number ....: 18137YY
Reader ...........: Yubico YubiKey CCID 00 00
Application ID ...: D276000124010000000618137ZZZ0000
Serial number ....: 18137ZZ
$
$
$ gpg-connect-agent 'SCD SERIALNO help' /bye
[...]
# SERIALNO [--demand=<serialno>] [--all] [<apptype>]
[...]
$
$ gpg-connect-agent 'scd serialno --demand=D276000124010000000618137YYY0000' /bye
S SERIALNO D276000124010000000618137YYY0000
OK
$
$ gpg --card-status | grep -E "^Reader|^Application ID|^Serial number"
Reader ...........: Yubico YubiKey CCID 02 00
Application ID ...: D276000124010000000618137YYY0000
Serial number ....: 18137YYY
$
$ gpg --card-edit

Reader ...........: Yubico YubiKey CCID 02 00
Application ID ...: D276000124010000000618137YYY0000
Application type .: OpenPGP
Version ..........: 0.0
Manufacturer .....: Yubico
Serial number ....: 18137YYY
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 5 5 5
Signature counter : 4
KDF setting ......: on
UIF setting ......: Sign=on Decrypt=on Auth=on
Signature key ....: ABCD 1234 ....
      created ....: 2023-07-14 07:48:45
Encryption key....: ABCD 1234 ....
      created ....: 2023-07-14 07:48:45
Authentication key: ABCD 1234 ....
      created ....: 2023-07-14 07:48:45
General key info..:
pub  rsa4096/...
sec>  rsa4096/XYZ987...  created: 2023-07-14  expires: never
                                card-no: 0006 18137YYY
ssb>  rsa4096/XYZ987...  created: 2023-07-14  expires: never
                                card-no: 0006 18137YYY
ssb>  rsa4096/XYZ987...  created: 2023-07-14  expires: never
                                card-no: 0006 18137YYY

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
[...]

>
> Regards,
> Bernhard

Regards,
Juanjo

> --
> https://intevation.de/~bernhard   +49 541 33 508 3-3
> Intevation GmbH, Osnabrück, DE; Osnabrück District Court, HRB 18998
> Managing directors: Frank Koormann, Bernhard Reiter
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
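Added example, not part of the message above or of GnuPG: a small shell helper that maps a serial number (as printed by `ykman list`) to the Application ID reported by `gpg --card-status all` and then issues the `scd serialno --demand=` command from the session. The function names and the sample serials are assumptions made for illustration; the check on the Application ID relies on the OpenPGP card AID prefix `D27600012401`.

```shell
#!/bin/sh
# Added example: choose which OpenPGP card scdaemon uses, by serial number.

# Constructed sample of `gpg --card-status all` output (serials are made up).
SAMPLE_STATUS='Reader ...........: Yubico YubiKey CCID 03 00
Application ID ...: D2760001240100000006181370010000
Serial number ....: 18137001
Reader ...........: Yubico YubiKey CCID 02 00
Application ID ...: D2760001240100000006181370020000
Serial number ....: 18137002'

# Read card-status text on stdin and print the Application ID of the card
# whose "Serial number" equals $1. Exit status is 1 if no such card is listed.
appid_for_serial() {
    awk -F': ' -v want="$1" '
        /^Application ID/ { id = $2; sub(/[ \t\r]+$/, "", id) }
        /^Serial number/  { sn = $2; sub(/[ \t\r]+$/, "", sn)
                            if (sn == want "") { print id; found = 1; exit } }
        END { exit !found }'
}

# Accept only a 32-hex-digit OpenPGP card AID, so nothing else is ever
# spliced into the command sent to the agent.
is_openpgp_aid() {
    printf '%s\n' "$1" | grep -Eq '^D27600012401[0-9A-F]{20}$'
}

# Make the card with serial $1 the one scdaemon hands to later gpg calls.
select_card() {
    aid=$(gpg --card-status all | appid_for_serial "$1") || {
        echo "no inserted card with serial $1" >&2; return 1; }
    is_openpgp_aid "$aid" || {
        echo "unexpected Application ID: $aid" >&2; return 1; }
    gpg-connect-agent "scd serialno --demand=$aid" /bye
}

# Usage (needs the cards inserted): select_card 18137002 && gpg --card-status
```
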


