Hello,
I have a gpg key that was generated on a YubiKey with the gpg card `generate` command. I now have a second YubiKey, and I would like to generate and store a signature and authentication subkey on this second YubiKey, but I am running into some issues.

Ideally, I would like to be able to type in `gpg --expert --edit-key KeyID` and then go `addcardkey` with the secondary YubiKey attached. This starts to work and generates a key on the secondary YubiKey, but then it asks me to insert the primary YubiKey, presumably to sign the change; however, even after I insert the primary YubiKey, GPG does not recognize it, and if I remove the secondary YubiKey the process is aborted.

The other thing I tried was to run `generate` on the secondary YubiKey so that it would generate its key slots, and then once again run `gpg --expert --edit-key KeyID`, but this time call `addkey` and select option 13 to add an existing key, hoping that it would just need the primary YubiKey to sign off on the changes. Still, even after it asks for the PIN of the primary YubiKey, it then asks for the secondary YubiKey and runs into the same issue.

What is the best way to do this so that the subkeys are generated on the YubiKey and then signed by the primary YubiKey?

Also, an unrelated question, but I could not find much information on this. On the Yubico website, it says that if you call `generate` on the smartcard:

> When prompted, specify if you want to make an off-card backup of your encryption key.
> Note: This is a shim backup of the private key, not a full backup, and cannot be used to restore to a new YubiKey.

What exactly is a shim backup? Is this just the private encryption key but nothing else, or does it not actually include any private encryption key? Is there a way to generate this key where the encryption key is never exposed outside the YubiKey?

-- Brandon Anderson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users