Yubico Forum https://forum.yubico.com/ |
[QUESTION] keytocard for new NEO https://forum.yubico.com/viewtopic.php?f=26&t=2095 |
Author: | daveperera [ Tue Nov 17, 2015 4:35 am ] |
Post subject: | [QUESTION] keytocard for new NEO |
Hi, I'm trying to move keys from backup storage onto a new NEO. I've configured the NEO with new admin / user passwords, etc. But because I've already sharded my key with a previous NEO (still in my possession, no need to generate new keys), I get this response when executing the gpg> keytocard command: "gpg: secret key already stored on a card". So now what? Do I delete the secring.gpg file on my hard drive and re-import the keys? Do I do that every time I configure a new NEO with my PGP keys? Help much appreciated! Thanks. |
Author: | hiviah [ Wed Nov 18, 2015 2:22 pm ] |
Post subject: | Re: [QUESTION] keytocard for new NEO |
In short, you don't need to delete the whole keyring, just the key that is marked as exported to the smartcard (Neo). You first need to delete the secret key from the keyring with gpg --delete-secret-key. Then you import the full key (how it was before you moved it to the smartcard). Then you use the classic keytocard, etc. Note: the new Yubikey will have a different serial number from the old Yubikey (you can see that when using gpg --list-secret-keys). So you will be able to use only one Yubikey at a time, even if both have identical RSA keys on them. Therefore it may be a good idea to use --export-secret-key before using --delete-secret-key. You can import it later if you need to use the original Yubikey as a backup (I have it set up this way). |
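Added example, not part of either post: a check that reads `gpg --list-secret-keys --with-colons` output and lists the secret-key entries GnuPG has bound to a card, so you can see which keys still point at the old NEO before and after the delete / re-import / keytocard steps described above. The key IDs, token serials and sample listing are constructed, and the function names are made up for this example; it relies on field 15 of `sec`/`ssb` records holding the token serial number, as documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Field 15 of a sec/ssb record: token serial number when the key lives on a
# card, '#' for a stub with no secret material, '+' or empty for a key on disk.
OLD_TOKEN=D2760001240102000006011111110000   # constructed serial, old card
NEW_TOKEN=D2760001240102000006022222220000   # constructed serial, new card

SAMPLE_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAA0:1447718400:::u:::scESC:::#:
uid:u::::1447718400::0000::Example User <user@example.invalid>:
ssb:u:2048:1:BBBBBBBBBBBBBBB1:1447718400::::::e:::D2760001240102000006011111110000:
ssb:u:2048:1:CCCCCCCCCCCCCCC2:1447718400::::::s:::D2760001240102000006011111110000:
sec:u:2048:1:DDDDDDDDDDDDDDD3:1447718400:::u:::scESC:::+:'

# Print "record keyid token" for every secret key or subkey bound to a card.
card_stubs() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") && $15 != "" && $15 != "+" && $15 != "#" {
            print $1, $5, $15
        }'
}

# Print the card-bound entries whose token is NOT the one given as $1.
# These are the keys that still point at a different card and need the
# delete / re-import / keytocard sequence before this card can be used.
bound_elsewhere() {
    card_stubs | awk -v want="$1" '$3 != want'
}

# Demo on the constructed listing; with a real keyring, pipe in
#   gpg --list-secret-keys --with-colons
printf '%s\n' "$SAMPLE_LISTING" | bound_elsewhere "$NEW_TOKEN"
```

Running the same check after keytocard on the new card should show no entries bound elsewhere when the new card's token is passed as the argument.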
All times are UTC + 1 hour |