Second OpenPGP-card
Matthias Apitz
guru at unixarea.de
Tue Feb 27 10:07:20 CET 2024
El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via Gnupg-users escribió:
> Matthias Apitz wrote:
> > [...]
> > Said/showed that, I can't imagine that, when I SCP the file
> > .password-store/test.gpg to another mobile with another OpenPGP card,
> > that this system would be able to decrypt the file and reencrypt it
> > again with the new card.
>
> Correct. You must first copy the *new* public key to the *old* system and
> re-encrypt the password store to *both* public keys on the *old* system,
> then transfer the encrypted blobs to the new system.
> ...
Thanks for the clarification and clear instruction.
> While you are here, this is a good time to remind you to regularly check the
> list of public keys used with your password store. If Mallory can sneak
> *his* key onto that list, he will be able to get your passwords!
It says:
purism at pureos:~$ gpg --list-keys
/home/purism/.gnupg/pubring.kbx
-------------------------------
pub rsa2048 2021-10-30 [SC]
336EB96892FE9FE7F6...................
uid [ultimate] Matthias Apitz (GnuPG CCID L5) <guru at unixarea.de>
sub rsa2048 2021-10-30 [A]
sub rsa2048 2021-10-30 [E]
What makes me wonder it the last modification date of the file:
purism at pureos:~$ ls -l /home/purism/.gnupg/pubring.kbx
-rw------- 1 purism purism 172324 feb 1 11:13 /home/purism/.gnupg/pubring.kbx
I've never done anything with this and expected it also at date
2021-10-30 (when I initialized the OpenPGP card in the mobile L5).
matthias
--
Matthias Apitz, ✉ guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
More information about the Gnupg-users
mailing list