Hi Damien!
Up front, some information you might already know.
When you "normally" create a new public/private key pair, technically
*two* key pairs are created. Cross-check with "gpg -K". One secret key
(sec) for signing and certifying, marked [SC], and another one, a secret sub
key (ssb) for encryption. You can see this when you look into the
.gnupg/private-keys-v1.d folder. There are two new keys.
From your "gpg -K" output I see that you separated your certify
and signing key (and also created an authorization key [A]). Your [S],
[E] and [A] private keys are only on the card. Your mounted/linked USB
drive does *only* seem to hold the [C] key. Otherwise it would not need
the card and indicate this with the cards corner ">".
When you now export your key as you did with
gpg --export-secret-keys --armor F72C652AE7564ECC > sec.asc
you could only export your private [C] key. It is impossible to extract
them from the smartcard.
When you call "gpg --list-packets sec.asc"
I assume you see something like "gnu-divert-to-card, ..." under your
subkeys, but not under your primary [C] key. (This part you left out
with ….)
Correct?
I hope this helps.
If you have any questions, give us some more hints where (the above
explanation) diverges from what you expect.
Best regards
Alexander
On 30.03.24 17:20, Damien Cassou wrote:
Thank you both for your answers. I would like to understand why
restoring the backup doesn't restore my subkeys. On a fresh ~/.gnupg, I
did:
$ gpg --list-packets /media/mystick/key
gpg: keybox '/home/cassou/.gnupg/pubring.kbx' created
# off=0 ctb=94 tag=5 hlen=2 plen=134
:secret key packet:
…
# off=136 ctb=b4 tag=13 hlen=2 plen=32
:user ID packet: "Damien Cassou "
…
# off=974 ctb=9c tag=7 hlen=2 plen=134
:secret sub key packet:
version 4, algo 22, created 1531155780, expires 0
pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
pkey[1]: [263 bits]
…
keyid: F36CF32DF9B09855
…
The last key printed here is the one I would like to import
back. Unfortunately, importing this file doesn't import subkeys:
$ gpg --import-options restore --import /media/mystick/key
gpg: key F72C652AE7564ECC: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg -K
gpg: /home/cassou/.gnupg/trustdb.gpg: trustdb created
/home/cassou/.gnupg/pubring.kbx
---
sec ed25519 2018-07-09 [C] [expired: 2023-07-08]
8E64FBE545A394F5D35CD202F72C652AE7564ECC
uid [ expired] Damien Cassou
Can someone explain why I don't get my subkeys back please?
Thank you
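The check Alexander suggests can be scripted. The following Python sketch is an added example, not part of either e-mail: it reads `gpg --list-packets` output and reports, per secret (sub)key packet, whether the file holds key material or only a stub. The sample text and its key IDs are constructed placeholders; the `gnu-divert-to-card` and `gnu-dummy` S2K markers are the strings GnuPG prints for stubbed keys.

```python
import re

# Constructed sample shaped like `gpg --list-packets` output; key IDs are placeholders.
SAMPLE = """\
# off=0 ctb=94 tag=5 hlen=2 plen=134
:secret key packet:
    version 4, algo 22, created 1531155780, expires 0
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 0011223344556677
    skey[2]: [v4 protected]
    keyid: AAAAAAAAAAAAAAAA
# off=136 ctb=b4 tag=13 hlen=2 plen=32
:user ID packet: "Example User <user@example.org>"
# off=974 ctb=9c tag=7 hlen=2 plen=134
:secret sub key packet:
    version 4, algo 22, created 1531155780, expires 0
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number:  d2 76 00 01 24 01 02 01 00 00 00 00 00 01 00 00
    keyid: BBBBBBBBBBBBBBBB
"""

PACKET = re.compile(r"^:secret (sub )?key packet:")
KEYID = re.compile(r"^\s*keyid:\s*([0-9A-Fa-f]{16})")


def classify_secret_packets(text):
    """Return [(keyid, kind, storage)] for each secret (sub)key packet."""
    results, current = [], None
    for line in text.splitlines():
        if line.startswith(":"):
            # A new packet begins; track it only if it is a secret key packet.
            m = PACKET.match(line)
            current = ({"kind": "subkey" if m.group(1) else "primary",
                        "storage": "on-disk"} if m else None)
        elif current is not None:
            if "gnu-divert-to-card" in line:
                current["storage"] = "card-stub"   # secret lives on the smartcard
            elif "gnu-dummy" in line:
                current["storage"] = "no-secret"   # secret part stripped entirely
            elif (k := KEYID.match(line)):
                # keyid is the last field of a key packet: record and close it.
                results.append((k.group(1).upper(), current["kind"], current["storage"]))
                current = None
    return results


def not_restorable_from_file(text):
    """Key IDs whose secret material is absent from the exported file."""
    return [kid for kid, _, storage in classify_secret_packets(text) if storage != "on-disk"]
```

Any key ID returned by `not_restorable_from_file` can only be used with the card (or not at all, for `gnu-dummy`), no matter how the file is imported.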
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users