Giter Club home page Giter Club logo

Comments (3)

jamescw avatar jamescw commented on September 28, 2024 1

It was that.. I must have exported the keys AFTER I had already moved them to the YubiKey so the private keys were not in the backup. Went through the steps again and even looked at the linked guide, it was great fun to dive into this! I found one issue with the path for pinentry-mac that deviates from what is set in the guide, I will make a PR for that and maybe adding the step to trust the key after you import it on the mac which is listed here: https://github.com/drduh/YubiKey-Guide#using-keys

I will close this one out!

from privacy-guides.

sunknudsen avatar sunknudsen commented on September 28, 2024

Great question!

When one moves subkeys to YubiKey, they are deleted from host computer.

The way I usually handle restoring from backup on Tails is importing master key and subkeys using gpg --import /path/to/master.asc and gpg --import /path/to/sub.asc.

Then, I run YubiKey related steps.

from privacy-guides.

jamescw avatar jamescw commented on September 28, 2024

Thanks Sun for the quick response!

I may have done something wrong then in this case..

After restarting Tails and unlocking my veracrypt file I proceeded to import my key:

amnesia@amnesia:~$ gpg --import /media/amnesia/Tails/master.asc 
gpg: key 0x529-------------: "<redacted>" not changed
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 0x529-------------: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

amnesia@amnesia:~$ gpg --import /media/amnesia/Tails/sub.asc 
gpg: key 0x529-------------: "<redacted>" not changed
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 0x529-------------: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1

amnesia@amnesia:~$ gpg -K
/home/amnesia/.gnupg/pubring.kbx
--------------------------------
sec   ed25519/0x529------------- 2021-09-14 [C]
      Key fingerprint = 774E 05B8 C732 47D9 7C33  0762 529B DB1C 541F C1DD
uid                   [ unknown] <redacted>
ssb#  ed25519/0x6C8------------ 2021-09-14 [S] [expires: 2022-09-14]
ssb#  cv25519/0x0A6------------ 2021-09-14 [E] [expires: 2022-09-14]
ssb#  ed25519/0x71B------------ 2021-09-14 [A] [expires: 2022-09-14]

I can see there is # symbol next to the key types which means they are stubs and when attempting to copy these to the new card I get the following:

amnesia@amnesia:~$ gpg --edit-key 0x529--------------
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/0x529--------------
     created: 2021-09-14  expires: never       usage: C   
     trust: unknown       validity: unknown
sub  ed25519/0x6C8--------------
     created: 2021-09-14  expires: 2022-09-14  usage: S   
sub  cv25519/0x0A6--------------
     created: 2021-09-14  expires: 2022-09-14  usage: E   
sub  ed25519/0x71B--------------
     created: 2021-09-14  expires: 2022-09-14  usage: A   
[ unknown] (1). <redacted>

gpg> key 1

...

gpg> keytocard
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 1
gpg: KEYTOCARD failed: No secret key

gpg>

I can see here that the keys are listed as sub which means they are public sub keys according to the legend:

sec => 'SECret key'
ssb => 'Secret SuBkey'
pub => 'PUBlic key'
sub => 'public SUBkey'

I think I have probably messed up the export of the keys in the first time around?

from privacy-guides.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.