Using a GnuPG CCID card in another computer (follow-up)
Matthias Apitz
guru at unixarea.de
Tue May 16 07:55:54 CEST 2017
On Monday, May 15, 2017 at 07:25:12 PM +0200, Matthias Apitz wrote:
>
> Hello,
>
> I have a GnuPG smart card OMNIKEY 6121 Mobile USB and configured its
> use in my FreeBSD 12-CURRENT netbook, generated keys and I'm able to use
> it to login with SSH into other servers (after moving the pub key to
> the server into ~/.ssh/authorized_keys); the only tricky part was to figure
> out how to enter the PIN behind 'ssh' --> 'gpg-agent' --> /usr/local/bin/pinentry
>
> So far so good.
>
> Now I wanted the same SIM in another FreeBSD workstation (at work), but when
> I do use it there, for example with 'gpg2 --card-status', there is no key in the
> card and as well 'gpg2 --export-ssh-key guru' does not know how to
> export the key due to missing pub key.
>
> Should I move the full content of ~/.gnupg as well to the 2nd computer?
> And if so, why? I was thinking that all the key material (apart from the
> backup) is on the SIM and I only need its PIN...

Follow-up.

I have now copied all the files below to the other workstation and now all is
fine there too, i.e. I can export the pub key with 'gpg2 --export-ssh-key guru'
and use it for SSH being asked for the PIN of the card. The files are:

$ ls -lR .gnupg
total 52
-rw------- 1 guru wheel 2649 12 may. 22:41 dirmngr.conf
-rw-r--r-- 1 guru wheel 19 15 may. 11:41 gpg-agent.conf
-rw------- 1 guru wheel 5191 12 may. 22:41 gpg.conf
drwx------ 2 guru wheel 512 14 may. 20:30 openpgp-revocs.d
drwx------ 2 guru wheel 512 14 may. 20:29 private-keys-v1.d
-rw-r--r-- 1 guru wheel 3573 14 may. 20:30 pubring.kbx
-rw------- 1 guru wheel 32 12 may. 22:41 pubring.kbx~
-rw------- 1 guru wheel 600 15 may. 09:58 random_seed
-rw-r--r-- 1 guru wheel 7 15 may. 15:21 reader_0.status
-rw------- 1 guru wheel 1865 14 may. 20:29 sk_61F1ECB625C9A6C3.gpg
-rw-r----- 1 guru wheel 676 15 may. 11:45 sshcontrol
-rw------- 1 guru wheel 1280 15 may. 09:23 trustdb.gpg
.gnupg/openpgp-revocs.d:
total 4
-rw------- 1 guru wheel 1799 14 may. 20:30 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11.rev
.gnupg/private-keys-v1.d:
total 24
-rw------- 1 guru wheel 1873 14 may. 20:17 147F71A678B411855B4BCCC48FAEC8689B5E1C23.key
-rw------- 1 guru wheel 615 14 may. 20:29 314DE72F03D41683E06A504769970A1643825B38.key
-rw------- 1 guru wheel 617 14 may. 20:09 45BDBABA30A3511D507B8A08A28D425F7CD417C6.key
-rw------- 1 guru wheel 615 14 may. 20:29 7E22A904DB3BE5A98F98AFDEED61DF1364DD949B.key
-rw------- 1 guru wheel 615 14 may. 20:29 937BA1F6A95F68222EC2C6F9573100E17EE9522E.key
-rw------- 1 guru wheel 617 14 may. 20:17 B0E0BFC22F116B541848DF6593B418BBB63C0CC0.key

When I generated the keys on the card (gpg2 --card-edit --> admin --> generate)
on May 14, I had to do this twice because I was logged out from the card due to
thinking too long about the passphrase for the backup of the key to the file
sk_61F1ECB625C9A6C3.gpg; one can see this in the times of the files below
.gnupg/private-keys-v1.d; the 2nd run started around 20:20 and was
successful at 20:29.

The question remains: Why do I have to move the files below .gnupg/ to
the other workstation? And what exactly are the files below
.gnupg/private-keys-v1.d?

Thanks

matthias
--
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045