Second OpenPGP-card

andrewg andrewg at andrewg.com
Fri Feb 9 15:48:43 CET 2024


On 2024-02-09 14:36, Matthias Apitz wrote:
> 
> Next question: Can I somehow transfer the key from one card to the
> other to use the same encrypted files foo.gpg from my password store:
> 
> purism at pureos:~$ find .password-store/ -type f | wc -l
> 373

No, the entire point of an OpenPGP card is that you can't copy the key 
material off it (otherwise it would have no advantages over a thumb 
drive). I always recommend that people generate their key material on a 
removable encrypted drive and then copy it onto the card, keeping a 
backup copy on the encrypted drive. Otherwise you run the risk of data 
loss when your card breaks or is lost.

> If not, I could with a script decrypt all the files in this tree and
> encrypt them again after setting up the card. But it would be better to just
> copy the files over by SCP, also when passwords get added or updated.

It would depend on how `pass` works, whether there are any particular 
parameters that need to be supplied with the encryption command. Perhaps 
best to ask the `pass` maintainers about support for re-encryption in 
general - the process shouldn't depend on whether or not you're using a 
card.

A
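
Added example, not part of the original message and not code from `pass` or GnuPG: before re-encrypting a store for a second card, this lists which `.gpg` files do not yet name the new card's encryption subkey as a recipient, by reading the key IDs in the leading public-key encrypted session key packets (RFC 4880, tag 1). It assumes binary (non-armored) files with version 3 packets and recipients that are not hidden; the function names and the key IDs in `sample_message` are constructed for illustration.

```python
from pathlib import Path

def pkesk_key_ids(data: bytes) -> list:
    """Return recipient key IDs from the leading v3 PKESK packets (tag 1)."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
        pos += 1
        if hdr & 0x40:                       # new-format packet header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                break                        # partial body length: encrypted data has started
        else:                                # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                        # indeterminate length: a data packet
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if tag != 1:
            break                            # PKESK packets come first; stop at the data packet
        body = data[pos:pos + length]
        if len(body) >= 10 and body[0] == 3: # version 3: 8-byte key ID follows the version octet
            ids.append(body[1:9].hex().upper())
        pos += length
    return ids

def files_needing_reencryption(store, new_subkey_id: str) -> list:
    """Files under `store` that do not list the new encryption subkey as a recipient."""
    wanted = new_subkey_id.upper()[-16:]     # accepts 0x-prefixed key ID or full v4 fingerprint
    return [f for f in sorted(Path(store).rglob("*.gpg"))
            if wanted not in pkesk_key_ids(f.read_bytes())]

def sample_message(*key_ids: str) -> bytes:
    """Constructed input: fake v3 PKESK packets followed by a dummy tag-18 packet."""
    pk = b"".join(bytes([0x84, 12, 3]) + bytes.fromhex(k) + b"\x01\x00\x00" for k in key_ids)
    return pk + bytes([0xD2, 1, 1])
```

The ID to pass is that of the encryption subkey on the new card, not the primary key; files encrypted with hidden recipients carry an all-zero key ID and will always be reported.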


