Yubico Forum


All times are UTC + 1 hour

PostPosted: Mon Apr 20, 2015 3:32 am 

Joined: Thu Apr 16, 2015 7:05 pm
Posts: 8
In the following use case, what's the best solution to the broken step 7?

1. Insert Yubikey on machine M1 that has OpenGPG
2. rm -rf .gnupg
3. gpg --card-edit, admin, generate
> AFAIK this installs a "stub" private key in the OpenGPG keychain, which I can now see.
4. Encrypt something with the new public key and send to machine M1
5. Eject Yubikey
6. Insert Yubikey into a totally different machine M2
7. Attempt to decrypt
> Arrg! The OpenGPG Keychain on M2 doesn't have the "stub" private key, I can't do anything!

I do know ways to get that stub into the keychain, but they are really sucky:
- Add a step 3.1: from the GPG keychain, export the secret key. Since it's just a stub, send it to M2, and import into the keychain on M2.
> Sucky because of having to mess with an extra file.
- Or, add a step 3.1: upload the public key to a server. Then on machine M2, do:
gpg --card-edit, fetch, quit;
followed by
gpg --card-status.

> Sucky because what if machine M2 is offline/airgapped, then this won't work.

What I want is to be able to walk up to any machine that has OpenGPG installed, insert my Yubikey, access some ciphertext either online or from a USB, and decrypt.

I don't want to have to mess with some file or key server (Steps 3.1 above) or arcane commands too. I just want to insert the Yubikey and start decrypting.

Is there a way?

TMIA, /rb


PostPosted: Thu Jul 16, 2015 11:50 pm 

Joined: Mon Jul 06, 2015 10:38 pm
Posts: 4
Good question. I got the same problem now, and the only ways to get it to work seem to be to upload your public key to a keyserver or import the public or private key to your air-gapped M2.

Not as nice as I thought it could be.
I'm wondering that the public key cannot be generated from the smartcard.
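
The following is an added example, not part of either post and not Yubico or GnuPG code: it reads the text printed by `gpg --card-status` on M2 and reports which of the workarounds discussed in the thread still applies (`fetch` relies on the card's "URL of public key" field being set). The field labels are assumed to match GnuPG's usual English output, and the sample text, fingerprint, URL and function names are constructed for illustration.

```python
# Added example: classify what a fresh machine (M2) still needs before the
# card can decrypt, based on the text printed by `gpg --card-status`.
# Assumption: field labels match GnuPG's usual English output.

# Constructed sample output; fingerprint, URL and user ID are made up.
SAMPLE = """\
Reader ...........: Yubico Yubikey NEO OTP U2F CCID
URL of public key : {url}
Signature key ....: [none]
Encryption key....: {enc}
Authentication key: [none]
General key info..: {info}
"""
FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"


def parse_card_status(text):
    """Return {label: value} for each 'label ....: value' line."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only, so URLs in the value survive.
        label, sep, value = line.partition(":")
        if sep:
            # setdefault keeps the first occurrence of a repeated label.
            fields.setdefault(label.strip(" ."), value.strip())
    return fields


def next_step(text):
    """Name the step M2 still needs, in the thread's terms."""
    f = parse_card_status(text)
    if f.get("Encryption key", "[none]") == "[none]":
        return "no-encryption-key-on-card"
    if f.get("General key info", "[none]") != "[none]":
        return "ready"  # public key is already in the local keyring
    if f.get("URL of public key", "[not set]") != "[not set]":
        return "fetch"  # `fetch` inside --card-edit; needs network access
    return "import-public-key-file"  # offline: carry the exported key


if __name__ == "__main__":
    print(next_step(SAMPLE.format(url="[not set]", enc=FPR, info="[none]")))
```
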
