Re: Keyring management with multiple smart cards

2018-12-16 Thread Louis Opter
On Sat, Dec 15, 2018, at 12:53 AM, Wiktor Kwapisiewicz wrote:
> 1. I use one smartcard as a primary device so T2291 isn't that critical, if
> that one fails I can just remove shadow files and --card-status a new card,
> it will work. That doesn't happen frequently so manual removal of shadow file
> is not a big problem (but it would be nice if the shadow files supported
> multiple card serial numbers!).

Where is the procedure to remove shadow files documented? I found this to be
confusing to do, hence why I favored different subkeys for different smartcards.

> One signing subkey per smartcard is fine as they're bound to the same primary
> key (but if you're not using expiration users can get some interesting
> behavior like [1]).
>
> [1]: https://www.reddit.com/r/tails/comments/9rchgi/

Thanks for the tip! I have an expiration date set on all my keys.

Thank you very much for your feedback Wiktor!

-- 
Louis Opter

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Garbled data in keyservers

2018-12-16 Thread Stefan Claas
On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote:
> On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote:

> > My proposal could be run also in parallel. I think it would be
> > only a weekend job for a programmer to modify the server code,
> > so that it accepts only incoming and verified email and not web
> > or GnuPG via Tor submissions.  

> A weekend job... Muhahahahahahaha, you don't do much programming, do
> you? One would have to write an email bot, change the keyserver code to
> no longer accept submissions via HKP, then it would be necessary to
> disable HKP for upload in GnuPG to avoid broken Clients and so on.

While testing today how to make someone's pub key non-importable,
non-receivable, with an evil version of GnuPG, I am wondering about the
following:

Is it not possible that for pub key submissions GnuPG could be installed
on key servers to check if the key material is valid, before keys get added?

My test today showed me that it looks like GnuPG is not used on
key servers.

In case email submissions would be possible in the future, I think
it could work something like this: Install postfix and procmail, while
procmail would pipe that message to gnupg for verification of valid key
data, before the pub key gets added to the pool.

Well, just some thoughts.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
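
Added example, not part of the message above and not taken from any keyserver or from GnuPG: a structural pre-check that a submission handler could run on a de-armored upload before handing it on for cryptographic verification. The names `read_packets`, `check_submission`, `ALLOWED` and `SAMPLE_OK` are hypothetical, the accept policy is an assumption, and the check covers RFC 4880 packet framing only; it does not verify any signature.

```python
# Packet tags accepted in an uploaded key block (assumed policy):
ALLOWED = {6, 13, 17, 2, 14}  # public key, user ID, user attribute, signature, public subkey

def read_packets(data: bytes):
    """Yield (tag, body) per OpenPGP packet, RFC 4880 section 4.2 framing."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated packet")
        pos += n
        return data[pos - n:pos]

    while pos < len(data):
        first = take(1)[0]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                        # new-format header
            tag, o1 = first & 0x3F, take(1)[0]
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + take(1)[0] + 192
            elif o1 == 255:
                length = int.from_bytes(take(4), "big")
            else:
                raise ValueError("partial body length in a key packet")
        else:                                   # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length in a key packet")
            length = int.from_bytes(take((1, 2, 4)[ltype]), "big")
        yield tag, take(length)

def check_submission(data: bytes) -> list:
    """Return the packet tags of a well-framed public key block, else raise."""
    tags = [tag for tag, _ in read_packets(data)]
    if not tags or tags[0] != 6:
        raise ValueError("does not start with a public-key packet")
    if any(t not in ALLOWED for t in tags):
        raise ValueError("unexpected packet type (tags 5 and 7 are secret keys)")
    if 13 not in tags:
        raise ValueError("no user ID packet")
    return tags

# Constructed sample with placeholder bodies, not real key material.
SAMPLE_OK = (bytes([0xC6, 11]) + b"\x04" + bytes(10)   # public key packet
             + bytes([0xCD, 5]) + b"alice"             # user ID packet
             + bytes([0xC2, 3]) + bytes(3))            # signature packet
```

A blob that passes this check is only well-framed; the self-signatures and key parameters still have to be validated by an OpenPGP implementation before the key is stored.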



Re: Private Keys on Card Not Loaded

2018-12-16 Thread Robert Gabriel
Hi,

I deleted ~/.gnupg and imported the public key as you asked.

All is working, thank you Dirk.

I apologise for not checking this sooner and I'm not sure what broke as I tried 
a clean import previously.

PS I also picked up a few good tips just by watching this list (thank you 
Werner for "echo foo | gpg --clearsign -v --debug ipc").

On Sat Dec 15 00:12, Dirk Gottschalk wrote:
> Hi.
> 
> On Friday, 14.12.2018, 13:26 +0200, Robert Gabriel wrote:
> > Hi,
> > 
> > I have created a master key along with a subkey for authenticating
> > and a subkey for signing.
> > 
> > I copied the subkeys to my smartcard (Nitrokey Pro 2) using
> > gpg2 --edit-key 93DA8C1D and did not enter save thereafter, but deleted
> > them manually using gpg2 --card-edit.
> > 
> > I deleted the master private key.
> > gpg2 -K no private keys are visible.
> > 
> > What have I missed? I read online the stubs are generated
> > automatically with the above command.
> 
> Did you import the public keys? Are they in the key-Ring? If not, then
> you should do it, or the keys won't be recognized.
> 
> Regards,
> Dirk
> 
> -- 
> Dirk Gottschalk
> Paulusstrasse 6-8
> 52064 Aachen, Germany
> 
> GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
> Keybase.io: https://keybase.io/dgottschalk
> GitHub: https://github.com/Dirk1980ac
> 



