D&C GLug - Home Page


[LUG] Adding GPG keys to a smart card

 

Saw an exchange of correspondence on the IRC about adding gpg keys to a
smart card.

For those interested, I cheated and even then got things wrong...

1/ I paid to join www.fsfe.org to put some money into keeping free software

2/ Got the card and followed the directions

a) Installed the appropriate drivers

https://www.fsfe.org/en/card/howto/card_reader_howto_udev

b) Then tried to set up my card with subkeys only. 

http://www.fsfe.org/en/card/howto/subkey_howto

Here is where I went wrong: at step 4.2.1: addcardkey

What happened is that the keys did not transfer over smoothly: 2
sub-keys, but not the third. To cut a long story short, I ended up
deleting my original decryption subkey and had to obtain a new GPG key.

Recommended solution

-   Back up your entire .gnupg directory. The whole thing, and store
    it someplace safe. Check that the backup is good (I know, the
    bleeding obvious; my backup was not good).

    Check that you have a revocation key just in case.

-   Then run addcardkey. If you get a problem, then remove the card from
    the reader. Insert and retry. This worked

-   Follow the rest of the directions

-   Check that the card works. Then and ONLY then should you upload your
    new key to the key servers.

    If all goes pear-shaped, go back to your backup .gnupg, restore
    the directory and start again.

Since then the card has worked like a dream (I am running Debian Etch).

Couple of points to note:
-   Your signature key will have changed
-   Your decryption key will have changed: therefore if you receive an
    email to your previous key then you will add back your old key

If I can be of any help, please let me know: nick is henry on the irc.
Apologies if I forget to say I am away...


PS. Next step (I have a lot of those!) is to add my ssh keys to it

--
Henry
Sat Mar 24 14:01:42 GMT 2007
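
The first step of the recommended solution above (back up .gnupg and check that the backup is good), sketched as an added example that is not part of the original post. The function names, the archive naming scheme and the destination path in the usage line are assumptions of this example; it expects `tar`, `find`, `mktemp` and `sha256sum` on the system.

```shell
#!/bin/sh
# Added example. Function names and the archive name are assumptions.

# manifest DIR: sorted SHA-256 list of every regular file under DIR.
# Only regular files are hashed, so any sockets in the directory are skipped.
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# verify_backup ARCHIVE SRC: restore ARCHIVE into a scratch directory and
# compare it with SRC file by file. Returns 0 only on an exact match.
verify_backup() {
    scratch=$(mktemp -d) || return 2
    status=1
    if tar -xzf "$1" -C "$scratch" 2>/dev/null &&
       [ "$(manifest "$scratch")" = "$(manifest "$2")" ]; then
        status=0
    fi
    rm -rf "$scratch"
    return $status
}

# backup_gnupg SRC DESTDIR: archive SRC (normally ~/.gnupg) into DESTDIR with
# owner-only permissions, verify it, and print the archive path on success.
backup_gnupg() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    mkdir -p "$2" || return 2
    archive="$2/gnupg-$(date +%Y%m%d-%H%M%S).tar.gz"
    (umask 077 && tar -czf "$archive" -C "$1" .) || return 1
    if verify_backup "$archive" "$1"; then
        echo "$archive"
    else
        echo "backup does NOT match $1; do not proceed" >&2
        return 1
    fi
}

# Usage (destination path is a placeholder):
#   backup_gnupg "$HOME/.gnupg" /media/usb/backups
```

Running `verify_backup` again just before restoring also shows whether the keyring has changed since the archive was taken, because any difference makes it return non-zero.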





-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html