On 2024-02-09 14:36, Matthias Apitz wrote:
Next question: Can I transfer somehow the key from one card to the other to use the same encrypted files foo.gpg from my password store: purism@pureos:~$ find .password-store/ -type f | wc -l 373
No, the entire point of an openpgp card is that you can't copy the key material off it (otherwise it would have no advantages over a thumb drive). I always recommend that people generate their key material on a removable encrypted drive and then copy it onto the card, keeping a backup copy on the encrypted drive. Otherwise you run the risk of data loss when your card breaks or is lost.
If not, I could with a script decrypt all the files in this tree and encrypt them again after setup the card. But, it would be better just copy the files over by SCP, also when passwords get added or updated.
It would depend on how `pass` works, whether there are any particular parameters that need to be supplied with the encryption command. Perhaps best to ask the `pass` maintainers about support for re-encryption in general - the process shouldn't depend on whether or not you're using a card.
A _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users