Second OpenPGP-card

Matthias Apitz guru at unixarea.de
Tue Feb 27 10:07:20 CET 2024


On Monday, February 26, 2024 at 06:40:26 -0600, Jacob Bachmeyer via Gnupg-users wrote:

> Matthias Apitz wrote:
> > [...]
> > Said/showed that, I can't imagine that, when I SCP the file
> > .password-store/test.gpg to another mobile with another OpenPGP card,
> > that this system would be able to decrypt the file and reencrypt it
> > again with the new card.
> 
> Correct.  You must first copy the *new* public key to the *old* system and
> re-encrypt the password store to *both* public keys on the *old* system,
> then transfer the encrypted blobs to the new system.
> ...

Thanks for the clarification and clear instruction.

> While you are here, this is a good time to remind you to regularly check the
> list of public keys used with your password store.  If Mallory can sneak
> *his* key onto that list, he will be able to get your passwords!

It says:

purism at pureos:~$ gpg --list-keys
/home/purism/.gnupg/pubring.kbx
-------------------------------
pub   rsa2048 2021-10-30 [SC]
      336EB96892FE9FE7F6...................
uid           [ultimate] Matthias Apitz (GnuPG CCID L5) <guru at unixarea.de>
sub   rsa2048 2021-10-30 [A]
sub   rsa2048 2021-10-30 [E]

What makes me wonder is the last modification date of the file:

purism at pureos:~$ ls -l /home/purism/.gnupg/pubring.kbx
-rw------- 1 purism purism 172324 feb  1 11:13 /home/purism/.gnupg/pubring.kbx

I've never done anything with this and expected it also at date
2021-10-30 (when I initialized the OpenPGP card in the mobile L5).

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.  Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
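
The check recommended in the quoted reply (regularly reviewing the list of public keys used with the password store) can be scripted. The following is an added example, not part of the original message: it assumes the store is managed by `pass`, which records its recipients in `.gpg-id` files, and it compares every entry against an allowlist file you maintain yourself. The function names, the allowlist file and all fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fingerprints below are constructed placeholders, not real keys.

# audit_gpg_ids STORE ALLOWLIST
# pass records the keys it encrypts to in .gpg-id files (store root and,
# optionally, subdirectories). Print "file: recipient" for every entry that is
# not an exact line of ALLOWLIST; return 1 if any was found, 0 otherwise.
audit_gpg_ids() {
    store=$1 allow=$2 unexpected=0
    list=$(mktemp) || return 2
    find "$store" -type f -name .gpg-id > "$list"
    while IFS= read -r idfile; do
        while IFS= read -r line || [ -n "$line" ]; do
            # drop #-comments and surrounding whitespace, skip empty lines
            id=$(printf '%s\n' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
            [ -n "$id" ] || continue
            if ! grep -qxF -- "$id" "$allow"; then
                printf '%s: %s\n' "$idfile" "$id"
                unexpected=1
            fi
        done < "$idfile"
    done < "$list"
    rm -f "$list"
    return "$unexpected"
}

# demo: build a constructed store where a sub-folder lists one extra recipient.
demo() {
    old=1111111111111111111111111111111111111111   # first card (constructed)
    new=2222222222222222222222222222222222222222   # second card (constructed)
    bad=9999999999999999999999999999999999999999   # not ours (constructed)
    d=$(mktemp -d) || return 2
    mkdir -p "$d/store/work"
    printf '%s\n' "$old" "$new" > "$d/store/.gpg-id"
    printf '%s\n' "$old" "$bad" > "$d/store/work/.gpg-id"
    printf '%s\n' "$old" "$new" > "$d/allow"
    rc=0
    audit_gpg_ids "$d/store" "$d/allow" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The match is an exact string comparison, so the allowlist must use the same form (full fingerprint, key ID or address) as the `.gpg-id` entries, and it is best kept outside the store so that whoever can modify the store cannot also modify the allowlist.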


