Cannot export SSH public key
Ingo Klöcker
kloecker at kde.org
Wed Nov 29 14:36:15 CET 2023
On Mittwoch, 29. November 2023 03:52:36 CET Felix E. Klee wrote:
> So `gpg --card-status` imports [SC] and [E], but not [A]:
>
> $ rm ~/.gnupg/private-keys-v1.d/*
> $ ls -a1 ~/.gnupg/private-keys-v1.d/
> .
> ..
> $ gpg --card-status
> […]
> Signature key ....: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E
> D589
> created ....: 2023-06-29 03:50:43
> Encryption key....: DBBD 3239 D0F1 4326 808D FC8F 7CC0 2D68 D2E3
> 1736
> created ....: 2023-06-29 03:50:43
> Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E
> D589
> created ....: 2023-06-29 03:50:43
> […]
> sec> rsa4096/1BE349D11B6ED589 created: 2023-06-29 expires: never
> card-no: 0006 18698016
> ssb> rsa4096/7CC02D68D2E31736 created: 2023-06-29 expires: never
> card-no: 0006 18698016
> ssb# rsa4096/32B106F6877CC64B created: 2023-11-22 expires: never
> $ gpg --list-keys --keyid-format LONG --with-keygrip yubikey at f76.eu
> pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC]
> 7A0FE73DDB744F0F97341DA71BE349D11B6ED589
> Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786
> uid [ultimate] Felix E. Klee (YubiKey) <yubikey@[…]>
> sub rsa4096/7CC02D68D2E31736 2023-06-29 [E]
> Keygrip = 07D6164F019D2EDF59C650992CF93776B2DD17F2
> sub rsa4096/32B106F6877CC64B 2023-11-22 [A]
> Keygrip = 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5
> $ ls -a1 ~/.gnupg/private-keys-v1.d/
> .
> ..
> 07D6164F019D2EDF59C650992CF93776B2DD17F2.key
> 0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key
>
> To me it looks like [A] is on the Yubikey, as it should.
>
> *But how do I get the private key stub for [A] imported?*
If you compare the information for Signature key and Authentication key you'll
notice that they are identical. Further, if you compare the information for
Authentication key and the A subkey of you'll see that the key ID of the A
subkey doesn't match the fingerprint of the Authentication key (which is
logical because the Authentication key is identical to the SC key.
Hint: Add --with-fingerprint (maybe twice) to --list-keys to see the
fingerprints of the subkeys.
I don't know how you did it, but it looks like you have overwritten the
Authentication key on your Yubikey with the SC key. Or your Yubikey or gpg is
seriously broken.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20231129/9083482c/attachment.sig>
More information about the Gnupg-users
mailing list