On 05/16/2017 07:55 AM, Matthias Apitz wrote:
> The question remains: Why do I have to move the files below .gnupg/ to
> the other workstation?

The card only contains the private keys. GnuPG also needs some information that is only contained in the public parts, such as the User IDs associated with the key and the bindings between a primary key and its subkeys.

So while you do not have to move *all* the files below .gnupg, you at least need to import your *public* key onto your other workstation.

(That's why the card editor of GnuPG has a "fetch" command. The idea is that you put your public key in a publicly-accessible location, and make the "URL" field of your card point to that location. With that, upon arriving at a new computer--with an empty or nonexistent .gnupg--, you can get a working setup just by inserting your card, firing up the card editor, and using the "fetch" command.)


> And what are the files below .gnupg/private-keys-v1.d exactly?

They normally contain the private keys themselves. When the private keys are stored on a smartcard, they are "stubs", whose purpose is to inform GnuPG that the keys are on a smartcard (notably, they contain the serial number of said smartcard).

GnuPG should normally re-create those stubs automatically if they do not exist when you run the --card-status command, so you should not have to copy them over manually.

What is troubling in your experience is that you said there was "no key in the card" when you first ran "gpg2 --card-status" on the new workstation. I have no explanation for that.

Damien
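
An added example, not part of the original message: one way to check on a workstation which secret keys GnuPG sees as smartcard stubs is to read field 15 of the `sec`/`ssb` records in `gpg --list-secret-keys --with-colons`, which GnuPG's doc/DETAILS defines as the token serial number, `#` for a stub without key material, or `+` for a key available on disk. The function names, key IDs and card serial below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify secret keys by where GnuPG expects the secret part.
# Real use: gpg --list-secret-keys --with-colons | classify_secret_keys

classify_secret_keys() {
    # Field 1 = record type, field 5 = key ID, field 15 = token S/N marker.
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = $15
            if (loc == "#") where = "missing"        # stub, no key material
            else if (loc == "+") where = "on-disk"   # secret key in private-keys-v1.d
            else if (loc == "") where = "unknown"    # no marker in this listing
            else where = "card:" loc                 # stub naming a card serial
            printf "%s %s %s\n", $1, $5, where
        }'
}

# Constructed sample listing (not captured from a real keyring):
# an offline primary key, one subkey on a card, one subkey on disk.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1494000000:::u:::scESC:::#:
uid:u::::1494000000::0000000000000000000000000000000000000000::Test User <test@example.invalid>:
ssb:u:2048:1:2222222222222222:1494000000::::::s:::D2760001240102010006000000010000:
ssb:u:2048:1:3333333333333333:1494000000::::::e:::+:
EOF
}

# Demo run on the constructed sample.
sample_listing | classify_secret_keys
```

If a card-backed subkey is reported with a serial other than the card you have inserted, the stub points at a different card than the one in the reader.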
