Hi Damien!

Upfront some information you might probably already know. When you "normally" create a new public/private key pair, technically *two* key pairs are created. Cross-check with "gpg -K". One secret key (sec) for signing and certifying, marked [SC], and another one, a secret subkey (ssb), for encryption. You can see this when you look into the .gnupg/private-keys-v1.d folder. There are two new keys.

From your "gpg -K" output I see that you separated your certify and signing key (and also created an authorization key [A]). Your [S], [E] and [A] private keys are only on the card. Your mounted/linked USB drive does *only* seem to hold the [C] key. Otherwise it would not need the card and indicate this with the card's corner ">".

When you now export your key as you did with

gpg --export-secret-keys --armor F72C652AE7564ECC > sec.asc

you could only export your private [C] key. It is impossible to extract them from the smartcard.

When you call "gpg --list-packets sec.asc" I assume you see something like "gnu-divert-to-card, ..." under your subkeys, but not under your primary [C] key. (This part you left out with ….)

Correct? I hope this helps. If you have any questions, give us some more hints where (the above explanation) diverges from what you expect.
Best regards
Alexander

On 30.03.24 17:20, Damien Cassou wrote:
Thank you both for your answers. I would like to understand why restoring the backup doesn't restore my subkeys. On a fresh ~/.gnupg, I did:

$ gpg --list-packets /media/mystick/key
gpg: keybox '/home/cassou/.gnupg/pubring.kbx' created
# off=0 ctb=94 tag=5 hlen=2 plen=134
:secret key packet:
…
# off=136 ctb=b4 tag=13 hlen=2 plen=32
:user ID packet: "Damien Cassou <dam...@cassou.me>"
…
# off=974 ctb=9c tag=7 hlen=2 plen=134
:secret sub key packet:
    version 4, algo 22, created 1531155780, expires 0
    pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
    pkey[1]: [263 bits]
    …
    keyid: F36CF32DF9B09855
…

The last key printed here is the one I would like to import back. Unfortunately, importing this file doesn't import subkeys:

$ gpg --import-options restore --import /media/mystick/key
gpg: key F72C652AE7564ECC: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ gpg -K
gpg: /home/cassou/.gnupg/trustdb.gpg: trustdb created
/home/cassou/.gnupg/pubring.kbx
-------------------------------
sec   ed25519 2018-07-09 [C] [expired: 2023-07-08]
      8E64FBE545A394F5D35CD202F72C652AE7564ECC
uid           [ expired] Damien Cassou <dam...@cassou.me>

Can someone explain why I don't get my subkeys back please?

Thank you
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
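
An added example, not part of the original mails: a small parser for "gpg --list-packets" output that reports, for each secret (sub)key packet in a backup file, whether the file holds the key material or only a "gnu-divert-to-card" stub as described in the reply above. The sample dump, its key IDs and the fields around the markers are constructed, and the "gnu-dummy" case goes beyond what the thread covers.

```python
import re
# Constructed sample in the layout `gpg --list-packets` prints; key IDs are placeholders.
SAMPLE = """\
# off=0 ctb=94 tag=5 hlen=2 plen=134
:secret key packet:
\titer+salt S2K, algo: 7, SHA1 protection, hash: 2
\tkeyid: AAAAAAAAAAAAAAA1
# off=136 ctb=b4 tag=13 hlen=2 plen=31
:user ID packet: "Example User <user@example.org>"
# off=169 ctb=9c tag=7 hlen=2 plen=70
:secret sub key packet:
\tgnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
\tkeyid: BBBBBBBBBBBBBBB2
# off=241 ctb=9c tag=7 hlen=2 plen=60
:secret sub key packet:
\tgnu-dummy S2K, algo: 0, simple checksum, hash: 0
\tkeyid: CCCCCCCCCCCCCCC3
"""

PACKET = re.compile(r"^:(secret key|secret sub key) packet:")
KEYID = re.compile(r"^\s+keyid: ([0-9A-Fa-f]{16})\s*$")

def classify_secret_packets(dump):
    """Return (kind, keyid, storage) for every secret (sub)key packet in the dump."""
    found, cur = [], None
    for line in dump.splitlines():
        if line.startswith(":"):              # a new packet begins, flush the previous one
            if cur:
                found.append(tuple(cur))
            m = PACKET.match(line)
            cur = ["subkey" if "sub" in m.group(1) else "primary", None, "in-file"] if m else None
        elif cur:
            if "gnu-divert-to-card" in line:  # stub: the secret lives on the smartcard
                cur[2] = "card-stub"
            elif "gnu-dummy" in line:         # secret part stripped, no card reference
                cur[2] = "missing"
            elif (m := KEYID.match(line)):
                cur[1] = m.group(1).upper()
    if cur:
        found.append(tuple(cur))
    return found

def keys_needing_card(dump):
    """Key IDs whose entry in the backup is only a pointer to the card."""
    return [kid for _, kid, where in classify_secret_packets(dump) if where == "card-stub"]

if __name__ == "__main__":
    for kind, kid, where in classify_secret_packets(SAMPLE):
        print(f"{kind:8} {kid}  {where}")
```

To check a real backup, pass the text printed by "gpg --list-packets" for that file to classify_secret_packets() instead of SAMPLE.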