Re: Get the private portion of subkeys
Hi Alexander, thank you for giving me background information. It really helped, this sentenc was particularly helpful: Alexander Kulbartsch writes: > When you call "gpg --list-packets sec.asc" > I assume you see something like "gnu-divert-to-card, ..." under your > subkeys When I export today, I see "gnu-divert-to-card" on my subkeys. But if I check on an old backup, I don't see this. So I conclude that my backup contains the private subkeys (good news!). I just found out that if I don't see the subkeys after importing the backup it's just because they are expired: "show-unusable-subkeys" reveal them and everything is good. Thank you so much. -- Damien Cassou "Success is the ability to go from one failure to another without losing enthusiasm." --Winston Churchill ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Get the private portion of subkeys
Thank you both for your answers. I would like to understand why restoring the backup doesn't restore my subkeys. On a fresh ~/.gnupg, I did: $ gpg --list-packets /media/mystick/key gpg: keybox '/home/cassou/.gnupg/pubring.kbx' created # off=0 ctb=94 tag=5 hlen=2 plen=134 :secret key packet: … # off=136 ctb=b4 tag=13 hlen=2 plen=32 :user ID packet: "Damien Cassou " … # off=974 ctb=9c tag=7 hlen=2 plen=134 :secret sub key packet: version 4, algo 22, created 1531155780, expires 0 pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1) pkey[1]: [263 bits] … keyid: F36CF32DF9B09855 … The last key printed here is the one I would like to import back. Unfortunately, importing this file doesn't import subkeys: $ gpg --import-options restore --import /media/mystick/key gpg: key F72C652AE7564ECC: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 $ gpg -K gpg: /home/cassou/.gnupg/trustdb.gpg: trustdb created /home/cassou/.gnupg/pubring.kbx --- sec ed25519 2018-07-09 [C] [expired: 2023-07-08] 8E64FBE545A394F5D35CD202F72C652AE7564ECC uid [ expired] Damien Cassou Can someone explain why I don't get my subkeys back please? Thank you -- Damien Cassou "Success is the ability to go from one failure to another without losing enthusiasm." --Winston Churchill ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Get the private portion of subkeys
Hi, I have a usb smart card containing my subkeys and my master key is stored offline on a usb disk. When I list my secret keys while the usb disk is plugged in, I get: sec ed25519/0xF72C652AE7564ECC 2018-07-09 [C] [expires: 2027-12-21] Key fingerprint = 8E64 FBE5 45A3 94F5 D35C D202 F72C 652A E756 4ECC Keygrip = 35A4020C4AFC2279CEE0BC36E2CEE4EFA8C6CFD5 uid [ultimate] Damien Cassou uid [ultimate] Damien Cassou uid [ultimate] Damien Cassou ssb> ed25519/0xB68746238E59B548 2018-07-09 [S] [expires: 2026-01-02] Keygrip = C89E5AABCBF7142DBC26E68FB3121DE12DCBF4FF ssb> cv25519/0x65CD5E0200C56C17 2018-07-09 [E] [expires: 2026-01-02] Keygrip = 867EA9F6ADBEBE18ED98253B884F53CBD53C526B ssb> ed25519/0xF36CF32DF9B09855 2018-07-09 [A] [expires: 2026-01-02] Keygrip = 553D56865642B05AB3C5B62DC68795691702B960 As you can see, there is a '>' character before each subkey but not before the master key. Someone on the web has a similar setup but doesn't have the '>' before his subkeys [1]. Is that a problem? Am I missing something important? It seems this causes me the troubles mentioned at [1]. Recently, I changed my usb smart card and kept the same keys so I believe I have everything needed in some form. My private master key is symlinked in ~/.gnupg/private-keys-v1.d: $ ls -l ~/.gnupg/private-keys-v1.d/ … 35A4020C4AFC2279CEE0BC36E2CEE4EFA8C6CFD5.key -> /media/mystick/key … [1] https://github.com/pinpox/pgp2ssh/issues/6 -- Damien Cassou "Success is the ability to go from one failure to another without losing enthusiasm." --Winston Churchill ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users