Yubico Forum https://forum.yubico.com/ |
Generate keys on machine M1, decrypt on M2: how??? https://forum.yubico.com/viewtopic.php?f=23&t=1843 |
Author: | rbondi [ Mon Apr 20, 2015 3:32 am ] |
Post subject: | Generate keys on machine M1, decrypt on M2: how??? |
In the following use case, what's the best solution to the broken step 7?

1. Insert Yubikey on machine M1 that has OpenGPG
2. rm -rf .gnupg
3. gpg --card-edit, admin, generate > AFAIK this installs a "stub" private key in the OpenGPG keychain, which I can now see.
4. Encrypt something with the new public key and send to machine M1
5. Eject Yubikey
6. Insert Yubikey into a totally different machine M2
7. Attempt to decrypt > Arrg! The OpenGPG Keychain on M2 doesn't have the "stub" private key, I can't do anything!

I do know ways to get that stub into the keychain, but they are really sucky:

- Add a step 3.1: from the GPG keychain, export the secret key. Since it's just a stub, send it to M2, and import into the keychain on M2. > Sucky because of having to mess with an extra file.
- Or, add a step 3.1: upload the public key to a server. Then on machine M2, do:
  Code: gpg --card-edit, fetch, quit
  followed by
  Code: gpg --card-status
  > Sucky because what if machine M2 is offline/airgapped, then this won't work.

What I want is to be able to walk up to any machine that has OpenGPG installed, insert my Yubikey, access some ciphertext either online or from a USB, and decrypt. I don't want to have to mess with some file or key server (Steps 3.1 above) or arcane commands too. I just want to insert the Yubikey and start decrypting.

Is there a way?

TMIA, /rb
Author: | Aefan [ Thu Jul 16, 2015 11:50 pm ] |
Post subject: | Re: Generate keys on machine M1, decrypt on M2: how??? |
Good question. I got the same problem now, and the only ways to get it to work seem to be to upload your public key to a keyserver or import the public or private key to your air-gapped M2. Not as nice as I thought it could be. I'm wondering that the public key cannot be generated from the smartcard.
All times are UTC + 1 hour |