Cannot export SSH public key

Ingo Klöcker kloecker at kde.org
Wed Nov 29 14:36:15 CET 2023


On Wednesday, 29 November 2023 03:52:36 CET Felix E. Klee wrote:
> So `gpg --card-status` imports [SC] and [E], but not [A]:
> 
>     $ rm ~/.gnupg/private-keys-v1.d/*
>     $ ls -a1 ~/.gnupg/private-keys-v1.d/
>     .
>     ..
>     $ gpg --card-status
>     […]
>     Signature key ....: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
>           created ....: 2023-06-29 03:50:43
>     Encryption key....: DBBD 3239 D0F1 4326 808D  FC8F 7CC0 2D68 D2E3 1736
>           created ....: 2023-06-29 03:50:43
>     Authentication key: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
>           created ....: 2023-06-29 03:50:43
>     […]
>     sec>  rsa4096/1BE349D11B6ED589  created: 2023-06-29  expires: never
>                                     card-no: 0006 18698016
>     ssb>  rsa4096/7CC02D68D2E31736  created: 2023-06-29  expires: never
>                                     card-no: 0006 18698016
>     ssb#  rsa4096/32B106F6877CC64B  created: 2023-11-22  expires: never
>     $ gpg --list-keys --keyid-format LONG --with-keygrip yubikey at f76.eu
>     pub   rsa4096/1BE349D11B6ED589 2023-06-29 [SC]
>           7A0FE73DDB744F0F97341DA71BE349D11B6ED589
>           Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786
>     uid                 [ultimate] Felix E. Klee (YubiKey) <yubikey@[…]>
>     sub   rsa4096/7CC02D68D2E31736 2023-06-29 [E]
>           Keygrip = 07D6164F019D2EDF59C650992CF93776B2DD17F2
>     sub   rsa4096/32B106F6877CC64B 2023-11-22 [A]
>           Keygrip = 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5
>     $ ls -a1 ~/.gnupg/private-keys-v1.d/
>     .
>     ..
>     07D6164F019D2EDF59C650992CF93776B2DD17F2.key
>     0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key
> 
> To me it looks like [A] is on the Yubikey, as it should.
> 
> *But how do I get the private key stub for [A] imported?*

If you compare the information for Signature key and Authentication key, you'll 
notice that they are identical. Further, if you compare the information for 
Authentication key and the A subkey, you'll see that the key ID of the A 
subkey doesn't match the fingerprint of the Authentication key (which is 
logical because the Authentication key is identical to the SC key).

Hint: Add --with-fingerprint (maybe twice) to --list-keys to see the 
fingerprints of the subkeys.

I don't know how you did it, but it looks like you have overwritten the 
Authentication key on your Yubikey with the SC key. Or your Yubikey or gpg is 
seriously broken.

Regards,
Ingo
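
The comparison described in the reply above, written out as an added example (not part of the original message and not GnuPG code): it parses the two outputs quoted in the thread, with the wrapped fingerprints re-joined, and reports card slots whose key lacks the slot's capability. The function names are hypothetical, and it assumes v4 keys, where the long key ID is the last 16 hex digits of the fingerprint.

```python
import re

# Outputs quoted in the thread (wrapped fingerprints re-joined onto one line).
CARD_STATUS = """\
Signature key ....: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
Encryption key....: DBBD 3239 D0F1 4326 808D  FC8F 7CC0 2D68 D2E3 1736
Authentication key: 7A0F E73D DB74 4F0F 9734  1DA7 1BE3 49D1 1B6E D589
"""
LIST_KEYS = """\
pub   rsa4096/1BE349D11B6ED589 2023-06-29 [SC]
sub   rsa4096/7CC02D68D2E31736 2023-06-29 [E]
sub   rsa4096/32B106F6877CC64B 2023-11-22 [A]
"""
SLOT_CAP = {"Signature": "S", "Encryption": "E", "Authentication": "A"}

def card_slots(text):
    """Map slot capability letter -> fingerprint (hex, spaces removed)."""
    pat = r"^\s*(Signature|Encryption|Authentication) key\s*\.*:\s*([0-9A-F ]+)$"
    return {SLOT_CAP[m.group(1)]: m.group(2).replace(" ", "")
            for m in re.finditer(pat, text, re.M)}

def keyring(text):
    """Map long key ID -> capability letters, from --keyid-format LONG output."""
    pat = r"^(?:pub|sub)\s+\w+/([0-9A-F]{16})\s.*\[([A-Z]+)\]"
    return {m.group(1): m.group(2) for m in re.finditer(pat, text, re.M)}

def audit(card_text, keys_text):
    """List mismatches between card slots and the keys in the keyring."""
    slots, keys = card_slots(card_text), keyring(keys_text)
    findings = []
    for cap, fpr in slots.items():
        keyid = fpr[-16:]  # assumption: v4 key, key ID = low 64 bits of fingerprint
        caps = keys.get(keyid)
        if caps is None:
            findings.append(f"{cap} slot holds {keyid}, not in keyring")
        elif cap not in caps:
            findings.append(f"{cap} slot holds {keyid} [{caps}], which lacks {cap}")
    on_card = {fpr[-16:] for fpr in slots.values()}
    for keyid, caps in keys.items():
        if keyid not in on_card:
            findings.append(f"key {keyid} [{caps}] is not on the card")
    return findings

if __name__ == "__main__":
    for finding in audit(CARD_STATUS, LIST_KEYS):
        print(finding)
```
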