jero0en wrote:
Hi,
I want to decrypt and sign email and use my NEO for SSH logons. I've mostly used the tutorial @<https://github.com/drduh/YubiKey-Guide>. Actions and results:
- Created key material on an airgapped PC.
- Keys:
- Master key on secure offline media.
- Encryption key on NEO.
- Signing key on NEO.
- Authentication key on NEO.
- SSH:
- Configured SSH on Ubuntu.
- Installed Kleopatra and GPG agent on Windows 10.
- Logons to Ubuntu with PuTTY and NEO work: success!
- Mail GPG:
- gpg --import publickey.asc: success.
- gpg --card-status etc.: success.
- gpg encryptedmessage.asc: success. So the NEO is used for decryption.
In short: the setup seems to work perfectly fine.
However I've got a problem: I cannot get Kleopatra to work with the NEO setup. What I've tried - similar to above but in Kleopatra:
- Import publickey.asc (same file as above): "Total number of processed:1, Imported: 0".
- Decrypt encryptedmessage.asc (same file as above): "Verification failed: general error".
Question: how can I get Kleopatra to work with my NEO?
Thanks,
Jeroen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
You clearly need to read up on PGP.
Encrypting is done with the public key (which you did import, though you could have done this an easier way using the fetch command along with the gpg --card-edit if you did set url to your key)
Decrypting is however done with the private subkey (which is supposed to be stored on your card
Try doing the following:
Upload your public key somewhere (preferably a keyserver such as pgp.mit.edu or keybase.io)
Set the url to your pgp card/yubikey using the gpg --card-edit command, then the admin command and finally the url command.
Delete your key entirely from your computer (public and private stubs)
Use gpg --card-edit command then fetch command
Finally use the gpg --card-status command
-----BEGIN PGP SIGNATURE-----
iQFfBAEBCgBJQhxNYXRoaWV1IEhFUlZBSVMgKEdlbmVyYXRlZCBmb3IgWXViaWtl
eSBORU8pIDxtYXRoaWV1bGhAZ21haWwuY29tPgUCWIHjqwAKCRCmuJwc9wJSCM+D
B/9GoHl7sycgDcHke3FwfTr1YI65EZb34HepmkcPxUnwHxRykTHbGU3PK27x0vOV
UzfNNc/C3bvWm2UXfaM2b00vDws1n/L8TN63dm6AY42RM2MWjB9MEd2AsMn8zIMR
wpZQAoqKgMgTCFQTuC11P4gMAGzzrMzjm2WebqD3oCnTNRrvBLLiyS7e08BTRGKN
6zYRu+aDU2PJfRk8C0x3UBWfPtrcAOncNf/4a3yKKyFV4B7DotAgKaHvGT4Wbnre
67Aerkl0LENGLb5iDJa46ZvAkpGOI1FMleEmf+oZ/bP2lZ2OiX3D3WIhMm6mdKN5
XLAt7/qufEsy9l3k7bIUmtZ4
=yF3X
-----END PGP SIGNATURE-----