<html><head></head><body>Hi,<br><br>I'm not sure to grasp the entirety of the problematic but I though that should be mention :<br><br>From 'man pass' :<br><br>```<br>id...<br> Initialize new password storage and use gpg-id<br> for encryption. Multiple gpg-ids may be<br> specified, in order to encrypt each password<br> with multiple ids. This command must be run<br> first before a password store can be used. If<br> the specified gpg-id is different from the key<br> used in any existing files, these files will<br> be reencrypted to use the new id. Note that<br> use of gpg-agent(1) is recommended so that the<br> batch decryption does not require as much user<br> intervention. If --path or -p is specified,<br> along with an argument, a specific gpg-id or<br> set of gpg-ids is assigned for that specific<br> sub folder of the password store. If only one<br> gpg-id is given, and it is an empty string,<br> then the current .gpg-id file for the<br> specified sub-folder (or root if unspecified)<br> is removed.<br>```<br><br>If you can get the 2 keys on your PC or the 2 keys on your phone you can add your new key or even replace the old with the new one by running 'pass Id ...'<br><br><br><div class="gmail_quote">On October 29, 2021 9:00:28 PM GMT+02:00, Matthias Apitz <guru@unixarea.de> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre dir="auto" class="k9mail">Hello,<br><br>For some years I do use an OpenPGP card with GnuPG to encrypt all my<br>passwords (and other secrets). The passwors are managed with<br>password-store which is basically a tree of passwords along the web<br>sites where they're required to login. <br><br>I got now a mobile phone device, running Debian, the Purism L5, which<br>has its own OpenPGP card (until now no set up):<br><br>purism@pureos:~$ gpg --card-status<br>Reader ...........: TTXS serial 00 00<br>Application ID ...: D27600012401030400050000A6FE0000<br>Application type .: OpenPGP<br>Version ..........: 3.4<br>Manufacturer .....: ZeitControl<br>Serial number ....: 0000A6FE<br>Name of cardholder: [not set]<br>Language prefs ...: de<br>Salutation .......:<br>URL of public key : [not set]<br>Login data .......: [not set]<br>Signature PIN ....: forced<br>Key attributes ...: rsa2048 rsa2048 rsa2048<br>Max. PIN lengths .: 64 64 64<br>PIN retry counter : 3 0 3<br>Signature counter : 0<br>KDF setting ......: off<br>Signature key ....: [none]<br>Encryption key....: [none]<br>Authentication key: [none]<br>General key info..: [none]<br><br>The question here is: Can I somehow transfer the keys from the used<br>OpenPGP card to this new card (and copy over the tree of encrypted<br>passwords to the phone) or do I have to move the passwords in clear and<br>crypt them again with the new card?<br><br>Thanks<br><br> matthias<br><br><div class="k9mail-signature">-- <br>Matthias Apitz, ✉ guru@unixarea.de, <a href="http://www.unixarea.de/">http://www.unixarea.de/</a> +49-176-38902045<br>Public GnuPG key: <a href="http://www.unixarea.de/key.pub">http://www.unixarea.de/key.pub</a><br>August 13, 1961: Better a wall than a war. And, while the GDR was still existing,<br>no German troups and bombs have been killed in Yugoslavia, Afghanistan, Afrika...<hr>Gnupg-users mailing list<br>Gnupg-users@gnupg.org<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br></div></pre></blockquote></div><div style='white-space: pre-wrap'>Romain LEBRUN THAURONT<br>5TC - Département Telecommunication, Services et Usages<br>INSA Lyon<br>Responsable Logistique du Karnaval Humanitaire<br><br>** Please consider using PGP to communicate with me, encrypt your<br>e-mails <a href="https://www.openpgp.org/">https://www.openpgp.org/</a><br>My key's fingerprint: 912B 29BE EDBE 8E73 8E3F 8758 869E 9A75 3DCA 4320</div></body></html>