Comments (3)
It was that.. I must have exported the keys AFTER I had already moved them to the YubiKey so the private keys were not in the backup. Went through the steps again and even looked at the linked guide, it was great fun to dive into this! I found one issue with the path for pinentry-mac that deviates from what is set in the guide, I will make a PR for that and maybe adding the step to trust the key after you import it on the mac which is listed here: https://github.com/drduh/YubiKey-Guide#using-keys
I will close this one out!
from privacy-guides.
Great question!
When one moves subkeys to YubiKey, they are deleted from host computer.
The way I usually handle restoring from backup on Tails is importing master key and subkeys using gpg --import /path/to/master.asc
and gpg --import /path/to/sub.asc
.
Then, I run YubiKey related steps.
from privacy-guides.
Thanks Sun for the quick response!
I may have done something wrong then in this case..
After restarting Tails and unlocking my veracrypt file I proceeded to import my key:
amnesia@amnesia:~$ gpg --import /media/amnesia/Tails/master.asc
gpg: key 0x529-------------: "<redacted>" not changed
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 0x529-------------: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
amnesia@amnesia:~$ gpg --import /media/amnesia/Tails/sub.asc
gpg: key 0x529-------------: "<redacted>" not changed
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 0x529-------------: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
amnesia@amnesia:~$ gpg -K
/home/amnesia/.gnupg/pubring.kbx
--------------------------------
sec ed25519/0x529------------- 2021-09-14 [C]
Key fingerprint = 774E 05B8 C732 47D9 7C33 0762 529B DB1C 541F C1DD
uid [ unknown] <redacted>
ssb# ed25519/0x6C8------------ 2021-09-14 [S] [expires: 2022-09-14]
ssb# cv25519/0x0A6------------ 2021-09-14 [E] [expires: 2022-09-14]
ssb# ed25519/0x71B------------ 2021-09-14 [A] [expires: 2022-09-14]
I can see there is # symbol next to the key types which means they are stubs and when attempting to copy these to the new card I get the following:
amnesia@amnesia:~$ gpg --edit-key 0x529--------------
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec ed25519/0x529--------------
created: 2021-09-14 expires: never usage: C
trust: unknown validity: unknown
sub ed25519/0x6C8--------------
created: 2021-09-14 expires: 2022-09-14 usage: S
sub cv25519/0x0A6--------------
created: 2021-09-14 expires: 2022-09-14 usage: E
sub ed25519/0x71B--------------
created: 2021-09-14 expires: 2022-09-14 usage: A
[ unknown] (1). <redacted>
gpg> key 1
...
gpg> keytocard
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 1
gpg: KEYTOCARD failed: No secret key
gpg>
I can see here that the keys are listed as sub which means they are public sub keys according to the legend:
sec => 'SECret key'
ssb => 'Secret SuBkey'
pub => 'PUBlic key'
sub => 'public SUBkey'
I think I have probably messed up the export of the keys in the first time around?
from privacy-guides.
Related Issues (20)
- The Trezor Wallet on Tails guide does not work HOT 3
- How to encrypt, sign and decrypt messages using GnuPG on macOS HOT 2
- How to spoof MAC address and hostname automatically at boot on macOS HOT 2
- privacy.resistFingerprinting.letterboxing no more True available, instead Boolean, Number or String HOT 3
- Time Machine does not work when spoofing
- Use of NFTables instead of IPTables (Step 18: configure firewall) HOT 1
- Veracrypt command in dismount() function should use $volume_path not $mount_point HOT 2
- tails, trezor bridge installation HOT 2
- Automatically Spoof MAC address and Hostname for eno1 not working
- App cleaner doesn't find *Info.plist* file for iPhone/iPad apps on new Mac with Apple Silicon chip HOT 4
- Issues with Firefox window preview after using "Privacy and security hardening guide" HOT 2
- Weird Google Language Banners in updated FireFox Config
- Suggestion regarding permissions in the macOS mac address randomization post
- Trouble with Firefox profiles
- borg/rsync borg-list and borg-check variables --prefix depricated -
- Firefox privacy guide not working after step 3 HOT 1
- VeraCrypt installed using legacy setup crashes on Tails
- Deprecated appcast for borg-wrapper cask
- APFS replaced HFS+ as format preferred by Time Machine for Destination disk since Big Sur in 2020.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privacy-guides.