On Saturday, 16 April 2022 09:10:58 CEST Felix Mayr via Gnupg-users wrote:
> So, I decided to use a Yubikey to store my GPG-subkeys. Using the
> smartcard functionality I can store 3 different subkeys and so thought
> that I could actually store some multi-usage key
> (authentication/encryption) there so I can have per-key-encryption for
> private-data (notably passwords with pass). However, while I can use the
> main encryption key in "slot 2" just fine, I can't decrypt with the
> "multi"-purpose key stored in the yubikey anymore (yes, I'm using
> --try-all-secrets).
>
> Is this a limitation of the smartcard standard or just an opinionated
> choice in GPG or am I doing something wrong? If it's not possible with
> the smartcard: can I use the PIV-mode of the yubikey for that purpose?

The OpenPGP card standard offers three slots. Each slot is single usage. The key in the first slot is used for signing (data and keys) exclusively, the key in the second slot is used for encryption exclusively, and the key in the third slot is used for authentication (i.e. with ssh) exclusively.

If your Yubikey supports PIV then you can store more keys with PIV. You need GnuPG 2.3 for full multi-card and multi-card-app (e.g. OpenPGP _and_ PIV) support.

Regards,
Ingo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
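
Added example, not part of the original thread and not GnuPG code: a small Python check of the single-usage slot rule described in the reply, showing which capabilities of a multi-usage subkey the card would not serve from a given slot. The listing is constructed in the `--with-colons` field layout (record type, key ID, capabilities), the key IDs are placeholders, and `parse_subkeys` and `check_placement` are hypothetical helper names.

```python
# Added illustration; the listing below is constructed, not real gpg output.
# Slot usage as described in the reply: 1 = sign, 2 = encrypt, 3 = authenticate.
SLOT_USAGE = {1: "s", 2: "e", 3: "a"}

# Constructed records in the `--with-colons` layout, trimmed after field 12.
# Field 1 = record type, field 5 = key ID (placeholder), field 12 = capabilities.
SAMPLE_LISTING = """\
sec:u:255:22:AAAAAAAAAAAAAAAA:1650000000::::::scESCA
ssb:u:255:22:BBBBBBBBBBBBBBBB:1650000000::::::s
ssb:u:255:18:CCCCCCCCCCCCCCCC:1650000000::::::e
ssb:u:3072:1:DDDDDDDDDDDDDDDD:1650000000::::::ea
"""


def parse_subkeys(listing):
    """Return {key_id: set of capability letters} for sub/ssb records."""
    subkeys = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("sub", "ssb") and len(fields) >= 12:
            subkeys[fields[4]] = set(fields[11]) & set("sea")
    return subkeys


def check_placement(subkeys, placement):
    """placement maps key_id -> slot number. Returns (report, collisions).

    report[key_id] = (usable, lost): the capabilities the card will and will
    not serve once the key sits in that single-usage slot.
    """
    report, seen, collisions = {}, {}, []
    for key_id, slot in placement.items():
        if slot in seen:  # a slot holds one key; a second one would replace it
            collisions.append((slot, seen[slot], key_id))
        seen[slot] = key_id
        usable = subkeys[key_id] & {SLOT_USAGE[slot]}
        report[key_id] = (usable, subkeys[key_id] - usable)
    return report, collisions


if __name__ == "__main__":
    keys = parse_subkeys(SAMPLE_LISTING)
    report, collisions = check_placement(
        keys, {"BBBBBBBBBBBBBBBB": 1, "CCCCCCCCCCCCCCCC": 2, "DDDDDDDDDDDDDDDD": 3})
    for key_id, (usable, lost) in report.items():
        print(key_id, "usable:", sorted(usable), "not served by card:", sorted(lost))
    print("slot collisions:", collisions)
```

With the constructed placement, the encryption+authentication subkey in slot 3 is reported as usable for authentication only, which matches the decryption failure described in the question.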