Willkommen bei bytebang » The blog about all and nothing » Re-setup your GPG keys with a GnuPG card

Re-setup your GPG keys with a GnuPG card

Dez 13 2017

Dieser Blog-Beitrag wurde noch nicht veröffentlicht.

The Problem

Due to a crash I had to setup my computer from scratch. Usually this is with Linux not a big deal:

  • Do a plain setup of any linux favour you like
  • Install thunderbird and copy the old profille from backup into the new home
  • Install firefox and copy the old profille from backup into the new home
  • Install pass (a super cool passoword manager) and copy the password store from backup

... but wait - pass uses my GPG keys which are stored on my GnuPG card. How can i restore this to get pass working again to decrypt my credentials ?

The Solution

The solution to this situation is to restore your public and private keys which where used to en/decrypt the credential managed by pass. Depending on where / how you are storing you keys this is more or less complicated.

If you are using a smartcard then the private key never leaves the card, and the private key which is stored in the .gnupg directory is just a placeholder / pointer toward the card itself.

So the first step is to get your cardreader working. On my Lenovo t440s Laptop this is an one-liner:

$sudo apt-get install haveged gnupg2 gnupg-agent libpth20 pinentry-curses libccid pcscd scdaemon libksba8 paperkey opensc pcsc_tools

After that you should be able to see your cardreader:

opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    No              Alcor Micro AU9560 00 00

... and poll your card with gnupg:

gpg --card-status

Reader ...........: 058F:9540:X:0
Application ID ...: D2760001240102000005000009F80000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 000009F8
Name of cardholder: Guenther Hutter
Language prefs ...: de
Sex ..............: male
URL of public key : http://www.bytebang.at/download/XWiki/guentherhutter/0x42F9628A.asc
Login data .......: [not set]

And now you can import your key like this:

gpg --card-edit

gpg/card> fetch
gpg: requesting key from 'http://www.bytebang.at/download/XWiki/guentherhutter/0x42F9628A.asc'
gpg: /home/gue/.gnupg/trustdb.gpg: trustdb created
gpg: key 2A48725B42F9628A: public key "Günther Hutter <guenther.hutter@bytebang.at>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg/card> quit

Get Social

(c) 2017, by bytebang e.U. - Impressum - Datenschutz / Nutzungsbedingungen