Gpg: using "DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF" as default secret key for signing Key fingerprint = DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF GPG shows that the secret key is not available, but there is a signing key on the attached smart card: I am trying to add local signatures to a few of the public keys I have in my keyring, but usingįails with the message "no secret key" despite the fact that If you have something else in mind you might want to ask a question focussed on that end goal rather than the mechanics. I've tried to avoid speculating as to why you might want to do this but the only valid reason I can think of is to avoid typing a long password when you have a yubikey available. How you do that would do that depends on your OS. One with the full key and one with the stubs and have something external to gpg switch which one is active when the yubikey is plugged in/unplugged. I think the only way to do what you are trying to do would be to have two copies of your keyring on each machine. If it was easy to set things up this way then people might think they had secured their keys by moving them into they card when they had really just made a copy. ![]() The intended purpose of hardware tokens like the yubikey when used with PGP keys is to avoid having private keys lying around on disk which is why the scenario you envisage isn't supported. ![]() I can only have one working at a given time. It seems will stubbornly not acknowledge the existence of a private key on both a keycard and in the local keyring. Yet I can't seem to find a way to make this work. It's quite a simple and obvious thing I'm trying to do: allow either the YubiKeys or the local keyring to be used for signature, authentication or signing, and prefer the YubiKeys when available. , suggesting the keys are stored on an external card, andĬan no longer sign with those subkeys with the local keyring when I remove the YubiKey! The private keys may have been deleted from the local machine. Now the YubiKey works, but the local keyring now lists the subkeys with Gpg-connect-agent "scd serialno" "learn -force" /bye To refresh its knowledge on the available keys on keycards with this command: I learned from this answer that I can tell ![]() To prefer a keycard when it is available. Will only use the local keyring, even when the YubiKey is available. Subkeys to both my YubiKeys and to my local keyring. Eventually I worked around this though, and copied the same triplet of The key to the keycard (YubiKey) and leaves behind a stub on the local machine indicating that the key is present on a keycard. Subkeys between my local machine(s) and the YubiKeys. It seems that the only way I can do this is by sharing Encryption Of my local keys, YubiKey #1 or YubiKey #2 in order to encrypt or authenticate with any server. Will by default encrypt for the last subkey generated- i.e. Somebody can help me or try to explain me where are my error.First, I do not want to use separate subkeys for the two YubiKeys because when I distribute the public keys, It shows me an error with the certificate. I the step 2FA, when the markets show me an "encrypted code" which I may to decrypt, Kleopatra PGP doesnt permet me enter my "secret key". UP HERE all right, but now with this certificated imported from the same pc but with different SO I cannot decrypy any message. But I take cure to export my certificate from WIndows in order to import its again on my new Linux system.Īfter when my Linux pc was ready I imported the certificate suscesfully (file.asc). But after I change my SO from Windows -> Linux. Third I set my 2FA with this public key.ĭuring some months I can sing in without problem. ("public key" wich people can encrypt message for me). I try to explain better that situation,įirst I create a new key par with my "secret key" in a Windows SO. When its show me an encrypted message (what i should decrypt with mi secret key), I cannot decrypt it. ![]() Recently i have several problem with 2FA authentication on different market.
0 Comments
Leave a Reply. |