Second OpenPGP-card

Matthias Apitz guru at unixarea.de
Mon Feb 26 13:17:08 CET 2024 

El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via Gnupg-users escribió:

> On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
> 
> > So, can I buy this card here in Europe or even in Germany?
> 
> floss-shop.de

Only for the record:

Meanwhile I bought the 2nd OpenPGP card in the Purism shop because floss-shop.de
can't cut out the Micro-SIM size.

> 
> > If not, I could with a script decrypt all the files in this tree and
> > encrypt them again after setup the card. But, it would be better just
> > copy the files over by SCP, also when passwords get added or updated.
> 
> Actually we have an open task for re-encryption:
> https://dev.gnupg.org/T1825
> 
> For small messages this is easy but there is no easy solution for large
> data.  A detached encryption packet is a theoretical option.


I have here an example file of an entry 'test' in my .password-storage:

purism at pureos:~$ pass test

               ┌──────────────────────────────────────────────┐
               │ Please unlock the card                       │
               │                                              │
               │ Number: 0005 0000A6FE                        │
               │ Holder: Matthias Apitz                       │
               │                                              │
               │ PIN ________________________________________ │
               │                                              │
               │      <OK>                        <Cancel>    │
               └──────────────────────────────────────────────┘

secret


purism at pureos:~$ file .password-store/test.gpg
.password-store/test.gpg: PGP RSA encrypted session key - keyid: 39BDCE02 5E4698B6 RSA (Encrypt or Sign) 2048b .

purism at pureos:~$ gpg -da .password-store/test.gpg


               ┌──────────────────────────────────────────────┐
               │ Please unlock the card                       │
               │                                              │
               │ Number: 0005 0000A6FE                        │
               │ Holder: Matthias Apitz                       │
               │                                              │
               │ PIN ________________________________________ │
               │                                              │
               │      <OK>                        <Cancel>    │
               └──────────────────────────────────────────────┘

gpg: encrypted with 2048-bit RSA key, ID 39BDCE025E4698B6, created 2021-10-30
      "Matthias Apitz (GnuPG CCID L5) <guru at unixarea.de>"
secret


Said/showed that, I can't imagine that, when I SCP the file 
.password-store/test.gpg to another mobile with another OpenPGP card,
that this system would be able to decrypt the file and reencrypt it
again with the new card.

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.  Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

More information about the Gnupg-users mailing list