Re: [QUESTION] keytocard for new NEO

2015-11-18T14:22:40+01:00

In short, you don't need to delete whole keyring, just the key that is marked as exported to smartcard (Neo). You first need to delete the secret key from keyring with gpg --delete-secret-key. Then you import the full key (how it was before you moved it to smartcard).

Then you use the classic keytocard, etc.

Note: new Yubikey will have different serial number from the old Yubikey (you can see that when using gpg --list-secret-keys). So you will be able to use only one Yubikey at a time, even if both have identical RSA keys on them.

Therefore it may be good idea to use --export-secret-key before using --delete-secret-key. You can import it later if you need to use the original Yubikey as a backup (I have it set up this way).

Statistics: Posted by hiviah — Wed Nov 18, 2015 2:22 pm

[QUESTION] keytocard for new NEO

2015-11-17T04:35:11+01:00

Hi, I'm trying to move keys from backup storage onto a new NEO. I've configured the NEO with new admin / users passwords, etc.

But because I've already sharded my key with a previous NEO (still in my possession, no need to generate new keys), I get this response when executing the gpg> keytocard command:

gpg: secret key already stored on a card.

So now what? Do I delete the secring.gpg file on my hard drive and re-import the keys? Do I do that every time I configure a new NEO with my PGP keys?

Help much appreciated! Thanks.

Statistics: Posted by daveperera — Tue Nov 17, 2015 4:35 am

Yubico Forum

Re: [QUESTION] keytocard for new NEO

[QUESTION] keytocard for new NEO