Re: Second OpenPGP-card

2024-02-13 Thread Matthias Apitz 
El día martes, febrero 13, 2024 a las 12:47:13 +0100, Klaus Ethgen escribió:

> Hi,
> 
> Am Fr den  9. Feb 2024 um 15:36 schrieb Matthias Apitz:
> > Next question: Can I transfer somehow the key from one card to the
> > other to use the same encrypted files foo.gpg from my password store:
> > 
> > purism@pureos:~$ find .password-store/ -type f | wc -l
> > 373
> 
> Well, pass has its mechanism itself. Just reinit your store with both
> keys and it should reencrypt them.
> 
> I did that in the past with subdirs (where you can have different keys).

Hi Klaus,

I do not fully understand the procedure. 

Actually the .password-store/ is encrypted with the gpg-key-A on the
phone L5, number 1.

When I now create on the phone number 2 with the other OpenPGP card a
gpg-key-B, and transfer the .password-store/ by SCP to this phone
number 2, and run there:

pass init gpg-key-B

How 'pass' (i.e. gnupg) can decrypt the files of the .password-store/ without 
having
access to the OpenPGP card in phone 1 to re-encrypt them with gpg-key-B?

Could you or someone please be so kind and clarify this? Thanks in advance.

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.  Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Dirk-Willem van Gulik via Gnupg-users 


> On 13 Feb 2024, at 17:32, Matthias Apitz  wrote:
> 
> El día martes, febrero 13, 2024 a las 09:57:17a. m. -0500, Henning Follmann 
> escribió:
> 
>> On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
>>> El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
>>> Gnupg-users escribió:
>>> 
 On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
 
> So, can I buy this card here in Europe or even in Germany?
 
 floss-shop.de
>>> 
>>> I've contacted floss-shop.de. They can not provide (i.e. cut) the card
>>> to Micro-SIM format. And I will not cut it itself because it must fit
>>> exactly in the internal reader slot behint the battery, or it will not
>>> come out anyore.
>>> 
>> I do not know who you talked to but they offer their cards with a
>> ID000 cut out (25mm x 15mm). You can pop out the card  and smoothen the
>> corners with sandpaper.
>> That is the exact size you are looking for.
> 
> No. The card sizes are:
> 
>Standard SIM: 15 x 25mm.
>Micro SIM: 12 x 15mm.
>Nano SIM: 8.8 x 12.3mm.
> 
> We need here 'Microm SIM'. And I talked to the owner of floss-shop. They
> do not offer a way to pop out Micro SIM.

In that case - you want this device:


https://www.bol.com/nl/nl/p/mmobiel-universele-3-in-1-standaard-micro-sim-cutter-nano-sim-kaart-knipper-inclusief-3-sim-adapters-1-sim-pin/920067066058/
https://www.amazon.com/2024-Card-Cutter-Standard-Micro/dp/B0CJGVX82H

And you do not need to cut 'that' accurate at all (in fact - cutting it with a 
scalpel or simply use sharp scirros an take care not to bend the chip bit - is 
very doable).

Dw.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Matthias Apitz 
El día martes, febrero 13, 2024 a las 09:57:17a. m. -0500, Henning Follmann 
escribió:

> On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
> > El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
> > Gnupg-users escribió:
> > 
> > > On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
> > > 
> > > > So, can I buy this card here in Europe or even in Germany?
> > > 
> > > floss-shop.de
> > 
> > I've contacted floss-shop.de. They can not provide (i.e. cut) the card
> > to Micro-SIM format. And I will not cut it itself because it must fit
> > exactly in the internal reader slot behint the battery, or it will not
> > come out anyore.
> > 
> I do not know who you talked to but they offer their cards with a
> ID000 cut out (25mm x 15mm). You can pop out the card  and smoothen the
> corners with sandpaper.
> That is the exact size you are looking for.

No. The card sizes are:

Standard SIM: 15 x 25mm.
Micro SIM: 12 x 15mm.
Nano SIM: 8.8 x 12.3mm.

We need here 'Microm SIM'. And I talked to the owner of floss-shop. They
do not offer a way to pop out Micro SIM.

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Henning Follmann 
On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
> El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
> Gnupg-users escribió:
> 
> > On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
> > 
> > > So, can I buy this card here in Europe or even in Germany?
> > 
> > floss-shop.de
> 
> I've contacted floss-shop.de. They can not provide (i.e. cut) the card
> to Micro-SIM format. And I will not cut it itself because it must fit
> exactly in the internal reader slot behint the battery, or it will not
> come out anyore.
> 
I do not know who you talked to but they offer their cards with a
ID000 cut out (25mm x 15mm). You can pop out the card  and smoothen the
corners with sandpaper.
That is the exact size you are looking for.

You also could buy a nitrokey starter. this is basically a smartcard reader
with a smartcard in a clam shell. You can just pry the shell open and take
the smartcard out. Their other keys are tamper proofed (embedded in resin). 

=H

-- 
Henning Follmann   | hfollm...@itcfollmann.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

2024-02-13 Thread mlist_e9e869bc--- via Gnupg-users 
On 13/02/2024 09:57, Werner Koch 'wk at gnupg.org' wrote:
> Can you please try to import that key (with the v5 key signature) using
> a current 2.2. version (2.2.42)?  Or you can send me the public key by
> private mail so that I can check what's going on.
>
>
> Salam-Shalom,
>
> Werner
>
I couldn't find a distro with 2.2.42 so I have to compile it myself. I'm 
using Docker with ubuntu:latest.

In conclusion, the import failed.

```
$ gpg --version
gpg (GnuPG) 2.2.42
libgcrypt 1.9.4
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
     CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed

$ gpg --import PUBLIC_v5_certify.asc
gpg: packet(2) with unknown version 5
gpg: read_block: read error: Invalid packet
gpg: import from 'PUBLIC_v5_certify.asc' failed: Invalid keyring
gpg: Total number processed: 0
```

Is wk at gnupg.org the private email I can send the public key to you? 
I'm willing to send you a copy to examine but not publicly as that's 
(now I remember) a result of a dumb experiment.

Regards,
Hartman



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Matthias Apitz 
El día martes, febrero 13, 2024 a las 03:40:12p. m. +0100, Jakob Bohm via 
Gnupg-users escribió:

> On 2024-02-13 14:32, Matthias Apitz wrote:
> > El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
> > Gnupg-users escribió:
> > 
> > > On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
> > > 
> > > > So, can I buy this card here in Europe or even in Germany?
> > > floss-shop.de
> > I've contacted floss-shop.de. They can not provide (i.e. cut) the card
> > to Micro-SIM format. And I will not cut it itself because it must fit
> > exactly in the internal reader slot behint the battery, or it will not
> > come out anyore.
> Because the GPG specific code installed on the card is FLOSS, you might be
> able to
> buy blank cards in the desired form factor and install the code yourself,
> provided
> the parts (code and card) can be legally transported to Cuba despite US
> sanctions.
> In particular,  the Card Operating System or runtime may be of US origin and
> thus
> subject to sanctions.

I live in Europa  and travel often to Cuba.

Where could I get a blank card MicroSIM, the code and a manual how to
flash it into the card?

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Jakob Bohm via Gnupg-users 

On 2024-02-13 14:32, Matthias Apitz wrote:

El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
Gnupg-users escribió:


On Fri,  9 Feb 2024 15:36, Matthias Apitz said:


So, can I buy this card here in Europe or even in Germany?

floss-shop.de

I've contacted floss-shop.de. They can not provide (i.e. cut) the card
to Micro-SIM format. And I will not cut it itself because it must fit
exactly in the internal reader slot behint the battery, or it will not
come out anyore.
Because the GPG specific code installed on the card is FLOSS, you might 
be able to
buy blank cards in the desired form factor and install the code 
yourself, provided
the parts (code and card) can be legally transported to Cuba despite US 
sanctions.
In particular,  the Card Operating System or runtime may be of US origin 
and thus

subject to sanctions.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Matthias Apitz 
El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via 
Gnupg-users escribió:

> On Fri,  9 Feb 2024 15:36, Matthias Apitz said:
> 
> > So, can I buy this card here in Europe or even in Germany?
> 
> floss-shop.de

I've contacted floss-shop.de. They can not provide (i.e. cut) the card
to Micro-SIM format. And I will not cut it itself because it must fit
exactly in the internal reader slot behint the battery, or it will not
come out anyore.

> 
> > If not, I could with a script decrypt all the files in this tree and
> > encrypt them again after setup the card. But, it would be better just
> > copy the files over by SCP, also when passwords get added or updated.
> 
> Actually we have an open task for re-encryption:
> https://dev.gnupg.org/T1825
> 
> For small messages this is easy but there is no easy solution for large
> data.  A detached encryption packet is a theoretical option.

The files of the password store are very small, normal two lines like

secret
Username: g...@unixarea.de

Is this code already available for testing?

Thanks

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Klaus Ethgen 
Hi,

Am Fr den  9. Feb 2024 um 15:36 schrieb Matthias Apitz:
> Next question: Can I transfer somehow the key from one card to the
> other to use the same encrypted files foo.gpg from my password store:
> 
> purism@pureos:~$ find .password-store/ -type f | wc -l
> 373

Well, pass has its mechanism itself. Just reinit your store with both
keys and it should reencrypt them.

I did that in the past with subdirs (where you can have different keys).

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Second OpenPGP-card

2024-02-13 Thread Werner Koch via Gnupg-users 
On Fri,  9 Feb 2024 15:36, Matthias Apitz said:

> So, can I buy this card here in Europe or even in Germany?

floss-shop.de

> If not, I could with a script decrypt all the files in this tree and
> encrypt them again after setup the card. But, it would be better just
> copy the files over by SCP, also when passwords get added or updated.

Actually we have an open task for re-encryption:
https://dev.gnupg.org/T1825

For small messages this is easy but there is no easy solution for large
data.  A detached encryption packet is a theoretical option.



Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Incompatible secret key format between 2.4.4 and 2.2.27?

2024-02-13 Thread Werner Koch via Gnupg-users 
On Sun, 11 Feb 2024 20:28, mlist_e9e869bc--- said:

> signature is done in Version 5, instead of Version 4 like other parts of 
> the key. With that certify signature removed, I can import the secret 
> key to GPG 2.2.27 no problem.

Can you please try to import that key (with the v5 key signature) using
a current 2.2. version (2.2.42)?  Or you can send me the public key by
private mail so that I can check what's going on.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users