Get the private portion of subkeys

Alexander Kulbartsch alexander at kulbartsch.de
Thu Mar 28 10:57:01 CET 2024


Hi Damien!

On 28.03.24 08:26, Damien Cassou via Gnupg-users wrote:
> As you can see, there is a '>' character before each subkey but not
> before the master key. Someone on the web has a similar setup but
> doesn't have the '>' before his subkeys [1].

The ">" indicates that the key is on a smartcard.
(The > is the corner of a card ;)
(Smartcard is a synonym for USB tokens like YubiKeys)

> Is that a problem? Am I missing something important? It seems this
> causes me the troubles mentioned at [1].

In [2] it is mentioned that the key marked with an [A] is needed.
[A] indicates the "authentication" key. This is what you want.

But the private part of your [A] key is only on the smartcard. And the
security idea of the smartcard is that you cannot extract it from there.

In [1] you described your 'gpg --export-secret-keys'. If you do a
`gpg --list-packets ./damien.asc`
on your export, you can see that this still references the card.

So it won't work this way.

But if it is about ssh login into another system, you can use the
gpg-agent as the ssh-agent and get the security with your
smartcard.
You have to add 'enable-ssh-support' to your gpg-agent.conf.
See: man gpg-agent

> [1] https://github.com/pinpox/pgp2ssh/issues/6

[2] https://github.com/pinpox/pgp2ssh

Best regards
             Alexander
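
Added example, not part of the original message: a small shell filter that reads `gpg --list-packets` output and reports, per secret (sub)key packet, whether the export holds real key material or only a stub pointing at the card. The sample input is constructed (key IDs, sizes and serial number are placeholders), and the exact text layout is assumed from current GnuPG 2.x output.

```shell
#!/bin/sh
# classify_packets: read `gpg --list-packets` text on stdin and print one line
# per secret (sub)key packet: "<keyid> <primary|subkey> <state>", where state is
#   on-card   = stub only, private part lives on the smartcard
#   no-secret = stub only, private part not stored here (offline key)
#   present   = secret key material is in the export
classify_packets() {
    awk '
        function emit() {
            if (kind != "") print keyid, kind, state
            kind = ""
        }
        /^:/ { emit() }    # every packet header closes the previous packet
        /^:secret key packet:/     { kind = "primary"; state = "present"; keyid = "?" }
        /^:secret sub key packet:/ { kind = "subkey";  state = "present"; keyid = "?" }
        kind != "" && /gnu-divert-to-card S2K/ { state = "on-card" }
        kind != "" && /gnu-dummy S2K/          { state = "no-secret" }
        kind != "" && $1 == "keyid:"           { keyid = $2 }
        END { emit() }
    '
}

# Constructed sample: primary key exported normally, subkey held on a card.
sample_export() {
    cat <<'EOF'
:secret key packet:
    version 4, algo 1, created 1600000000, expires 0
    pkey[0]: [4096 bits]
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 0000000000000000
    skey[2]: [v4 protected]
    keyid: AAAAAAAAAAAAAAAA
:user ID packet: "Constructed Example <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1600000000, md5len 0, sigclass 0x13
:secret sub key packet:
    version 4, algo 1, created 1600000000, expires 0
    pkey[0]: [2048 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number:  d2 76 00 01 24 01 00 00 00 00 00 00 00 00 00 00
    keyid: BBBBBBBBBBBBBBBB
EOF
}

# Real use: gpg --list-packets ./damien.asc | classify_packets
sample_export | classify_packets
```

Any subkey reported as `on-card` has no private material in the export, so a tool that needs the raw private key cannot use it.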