Yubico Forum https://forum.yubico.com/ |
[Q] OpenPGP Public Key won't change/update with new Key.. https://forum.yubico.com/viewtopic.php?f=26&t=2070 |
Author: | RBerg [ Mon Oct 26, 2015 2:45 am ] |
Post subject: | [Q] OpenPGP Public Key won't change/update with new Key.. |

Greetings! New Yubikey NEO owner here..

So I was testing a few things out using my new Yubikey and generated all 3 OpenPGP keys (E,S,A) off a GnuPG base key. Everything went well but I messed up my keysize so I restarted without posting the key(s) to a keyserver. After generating the base key offline I then created the 3 Yubikey keys and everything worked well; however, the old key ID didn't seem to update. It's still in reference to the old key ID and no matter what URL I place in the Yubikey, it still tries to update the old key and never pulls in the new ID.

Here is a snapshot of the key details:

Code:

    Application ID ...: D2760001240102000006038127890000
    Version ..........: 2.0
    Manufacturer .....: Yubico
    Serial number ....: [REDCATED]
    Name of cardholder: Richard T. Berg
    Language prefs ...: en
    Sex ..............: male
    URL of public key : http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x605501E49B5026D5
    Login data .......: [not set]
    Signature PIN ....: forced
    Key attributes ...: 2048R 2048R 2048R
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 3 3 3
    Signature counter : 3
    Signature key ....: [REDACTED]
          created ....: 2015-10-25 22:00:20
    Encryption key....: [REDACTED]
          created ....: 2015-10-25 21:55:08
    Authentication key: [REDACTED]
          created ....: 2015-10-25 22:01:12
    General key info..: pub 2048R/0x78F33417319EDF96 2015-10-25 Richard T. Berg <rberg@neo.rr.com>
    sec# 3744R/0x605501E49B5026D5 created: 2015-10-25 expires: never
    ssb> 2048R/[REDACTED] created: 2015-10-25 expires: 2016-10-24
                          card-no: 0006 [REDACTED]
    ssb> 2048R/[REDACTED] created: 2015-10-25 expires: 2016-10-24
                          card-no: 0006 [REDACTED]
    ssb> 2048R/[REDACTED] created: 2015-10-25 expires: 2016-10-24
                          card-no: 0006 [REDACTED]

As you can see, the public key ID should be 9B5026D5; however, the public on the Yubikey is set to the old 319EDF96.

If I update the URL to a proper keyserver link to my new Key ID and issue a fetch, it comes back unchanged. I've tried several dump URLs such as pastebin, my own webserver, everything and it still will NOT update the public key on the Yubikey to the one I generated second.

Code:

    gpg/card> fetch
    gpg: requesting key 0x78F33417319EDF96 from http server keyserver.ubuntu.com
    gpg: key 0x605501E49B5026D5: "Richard T. Berg <rberg@neo.rr.com>" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

What am I doing wrong here? Help? Suggestions?

Thanks!
~Richard
Author: | RBerg [ Mon Oct 26, 2015 4:38 pm ] |
Post subject: | Re: OpenPGP Public Key won't change/update with new Key.. |

I have checked again and in fact, the key in the Public Info area of the key is actually the signature key ID of the Yubikey key. While this technically is *better* than using the old Public Key from the previous testing, I now have issues signing any files resulting in the error(s):

Code:

    >gpg -esa --default-key 9B5026D5 test.txt
    gpg: no default secret key: Unusable secret key
    gpg: test.txt: sign+encrypt failed: Unusable secret key

It seems I'm unable to sign anything with the Signing cert on the Yubikey.
Author: | RBerg [ Tue Oct 27, 2015 10:59 pm ] |
Post subject: | Re: [Q] OpenPGP Public Key won't change/update with new Key.. |
*Update* I just went ahead and revoked the keys and started over again. Generating a new key, for Certify only and then 3 separate subkeys; 1 each for Encryption, Signing and Authentication, I was able to back them up to my offline storage and 'keytocard' them. I have tested these new keys and everything seems to be working. Prior I was getting the 'Unusable Secret Key' error on doing ANY signing with the key on the Yubikey but these are now working as intended. Thanks for a great product! ~Richard |
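
Added example, not part of the thread and not Yubico or GnuPG code: a small check over saved `gpg --card-status` text that compares the key ID in the card's URL field with the keys gpg lists for the card, and reports secret keys that are neither offline (`sec#`) nor card stubs (`ssb>`). The sample input is constructed with placeholder key IDs, and the check assumes a keyserver-style URL carrying a `search=` parameter.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample in the card-status layout quoted in the thread.
# All key IDs, the URL host and the card number are placeholders.
SAMPLE = """\
URL of public key : http://keyserver.example/pks/lookup?op=get&search=0xAAAAAAAAAAAAAAAA
General key info..: pub  2048R/0xBBBBBBBBBBBBBBBB 2015-10-25 Test User <test@example.org>
sec#  3744R/0xAAAAAAAAAAAAAAAA  created: 2015-10-25  expires: never
ssb>  2048R/0xBBBBBBBBBBBBBBBB  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 00000001
ssb>  2048R/0xCCCCCCCCCCCCCCCC  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 00000001
ssb   2048R/0xDDDDDDDDDDDDDDDD  created: 2015-10-25  expires: 2016-10-24
"""

# "sec"/"ssb", an optional marker ("#" = secret part absent, ">" = on a card),
# then algorithm/key ID.
KEY_LINE = re.compile(r"^(sec|ssb)([#>]?)\s+\S+/(?:0x)?([0-9A-Fa-f]{8,40})", re.M)

def norm(keyid):
    """Drop a leading 0x and upper-case, so short and long IDs compare by suffix."""
    return re.sub(r"^0[xX]", "", keyid).upper()

def analyse(status):
    m = re.search(r"^URL of public key\s*:\s*(\S+)", status, re.M)
    url = m.group(1) if m else ""
    # Assumption: the URL is a keyserver lookup with the key ID in search=.
    url_id = norm(parse_qs(urlparse(url).query).get("search", [""])[0])
    keys = [(kind, mark, norm(kid)) for kind, mark, kid in KEY_LINE.findall(status)]
    findings = []
    if not url_id or not any(kid.endswith(url_id) for _, _, kid in keys):
        findings.append("URL key ID matches no key listed for this card")
    for kind, mark, kid in keys:
        if kind == "sec" and mark == "":
            findings.append(f"primary {kid}: secret key is stored on this machine")
        if kind == "ssb" and mark != ">":
            findings.append(f"subkey {kid}: secret part is not a card stub")
    return {"url_keyid": url_id, "keys": keys, "findings": findings}

if __name__ == "__main__":
    for line in analyse(SAMPLE)["findings"]:
        print(line)
```
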
All times are UTC + 1 hour |