Yubico Forum

Re: [Q] OpenPGP Public Key wont change/update with new Key..

2015-10-27T22:59:08+01:00

*Update*

I just went ahead and revoked the keys and started over again.

Generating a new key, for Certify only and then 3 separate subkeys; 1 each for Encryption, Signing and Authentication, I was able to back them up to my offline storage and 'keytocard' them.

I have tested these new keys and everything seems to be working. Prior I was getting the 'Unusable Secret Key' error on doing ANY signing with the key on the Yubikey but these are now working as intended.

Thanks for a great product!
~Richard

Statistics: Posted by RBerg — Tue Oct 27, 2015 10:59 pm

Re: OpenPGP Public Key wont change/update with new Key..

2015-10-26T16:38:54+01:00

I have checked again and in fact, the key in the Public Info area of the key is actually the signature key ID of the Yubikey key.

While this technically is *better* than using the old Public Key from the previous testing; I now have issues signing any files resulting in the error(s):

Code:

>gpg -esa --default-key 9B5026D5 test.txt
gpg: no default secret key: Unusable secret key
gpg: test.txt: sign+encrypt failed: Unusable secret key

It seems I'm unable to sign anything with the Signing cert on the Yubikey.

Statistics: Posted by RBerg — Mon Oct 26, 2015 4:38 pm

[Q] OpenPGP Public Key wont change/update with new Key..

2015-10-26T17:21:51+01:00

Greetings!

New Yubikey NEO owner here..

So was testing a few things out using my new Yubikey and generated all 3 OpenPGP keys (E,S,A) off a GnuGPG base key.

Everything went well but I messed up my keysize so I restarted without posting the key(s) to a keyserver.

After generating the base key offline I then created the 3 Yubikey key's and everything worked well however the old key ID didn't seem to update. It's still in reference to the old key ID and no matter what URL I place in the Yubikey; it still tries to update the old key and never pulls in the new ID.

Here is a snapshot of the key details:

Code:

Application ID ...: D2760001240102000006038127890000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: [REDCATED]
Name of cardholder: Richard T. Berg
Language prefs ...: en
Sex ..............: male
URL of public key : http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x605501E49B5026D5
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: [REDACTED]
      created ....: 2015-10-25 22:00:20
Encryption key....: [REDACTED]
      created ....: 2015-10-25 21:55:08
Authentication key: [REDACTED]
      created ....: 2015-10-25 22:01:12
General key info..:
pub  2048R/0x78F33417319EDF96 2015-10-25 Richard T. Berg 
sec#  3744R/0x605501E49B5026D5  created: 2015-10-25  expires: never
ssb>  2048R/[REDACTED] created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]
ssb>  2048R/[REDACTED]  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]
ssb>  2048R/[REDACTED]  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]

As you can see the public key ID should be 9B5026D5 however the public on the Yubikey is set to the old 319EDF96

If I update the URL to a proper keyserver link to my new Key ID and issue a fetch, it comes back unchanged. I've tried several dump URL's such as pastebin, my own webserver, everything and it still will NOT update the public key on the Yubikey to the one I generated second.

Code:

gpg/card> fetch
gpg: requesting key 0x78F33417319EDF96 from http server keyserver.ubuntu.com
gpg: key 0x605501E49B5026D5: "Richard T. Berg " not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

What am I doing wrong here?
Help? Sugguestions?

Thanks!
~Richard

Statistics: Posted by RBerg — Mon Oct 26, 2015 2:45 am