<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;">Hi all </span></p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;"><br>
</span></p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;">My goal is to set up two Yubikeys (YK1 and YK2) with the same GPG keys (one to use daily and one for backup). Following this (<a href="https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4" class="OWAAutoLink" id="LPlnk123196" previewremoved="true">https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4</a>)
tutorial I created a signing key and two subkeys, one for encryption and one for authorization. </span><br>
</p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;"><br>
</span></p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;">Keys were moved to YKs successfully and I backed up everything including stubs for both YKs. </span></p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;"><br>
</span></p>
<p style="margin-top:0;margin-bottom:0"><span style="font-family: Arial, Helvetica, sans-serif;">Stubs were exported using: </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt;">gpg --armor --output stubs.asc --export-secret-keys
<longid></span><span style="font-family: Arial, Helvetica, sans-serif;"></span></p>
<div><br>
</div>
<div>Then I did the following: </div>
<div><br>
</div>
<div>1. Import public key and stubs(YK1) on another computer: gpg --import public.asc stubs1.asc</div>
<div>2. Encrypt a message with the public key: gpg -e -r <span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;"><longid> file.txt</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">3. Decrypt the message with: gpg -d file.txt.gpg</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">4. Being asked to insert YK1 and insert PIN</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">5. Decryption went successfully</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;"><br>
</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">Then I wanted to test YK2 and I used the same file.txt.gpg, as I used before (didn't encrypt a new one). So I did the following:</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;"><br>
</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">1. Delete private stubs: </span><span style="font-family: Arial, Helvetica, sans-serif;">gpg --delete-secret-keys <longid></span></div>
<div><font face="Arial, Helvetica, sans-serif">2. Import stubs (YK2): gpg --import stubs2.asc</font></div>
<div><font face="Arial, Helvetica, sans-serif">3. <span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">Decrypt the message with: gpg -d file.txt.gpg</span></font></div>
<div><font face="Arial, Helvetica, sans-serif">4. <span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">Being asked to insert *YK2* and insert PIN</span></font></div>
<div><font face="Arial, Helvetica, sans-serif"><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;"></span>5. While I insert PIN I see the error below (I am sure the PIN is correct):</font></div>
<div><font face="Arial, Helvetica, sans-serif"><br>
</font></div>
<div><font face="Arial, Helvetica, sans-serif">
<div><span style="font-family: Consolas, Courier, monospace;">$ gpg -d text.txt.gpg </span></div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">Please enter the PIN</span></div>
<div><span style="font-family: Consolas, Courier, monospace;">gpg: verify CHV2 failed: invalid passphrase</span></div>
<div><span style="font-family: Consolas, Courier, monospace;">gpg: encrypted with 2048-bit RSA key, ID 701E4F69, created 2018-05-10</span></div>
<div><span style="font-family: Consolas, Courier, monospace;"> "Dima Stopel <dima@stopel.org>"</span></div>
<div><span style="font-family: Consolas, Courier, monospace;">gpg: public key decryption failed: invalid passphrase</span></div>
<div><span style="font-family: Consolas, Courier, monospace;">gpg: decryption failed: secret key not available</span></div>
<div><br>
</div>
What am I doing wrong? </font></div>
<div><font face="Arial, Helvetica, sans-serif"><br>
</font></div>
<div><font face="Arial, Helvetica, sans-serif">Thanks<br>
</font><span style="font-family: Arial, Helvetica, sans-serif;"></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;">
<div><br>
</div>
</span></div>
<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 16px;"><br>
</span></div>
<p></p>
</div>
</body>
</html>