Hello, Ralf <sourcel...@mailbox.org> wrote: > I generated keys on a Nitrokey and have chosen the option to make an > off-card backup of the encryption key: > > gpg: NOTE: backup of card key saved to > `/home/archi/.gnupg/sk_26D728A8F09033F1.gpg'
If you want to know the detail, this means that the encryption key is generated on the host and it is imported to the card. Generating on card and extracting is not possible. > gpg2 --import sk_26D728A8F09033F1.gpg No. It doesn't work, because the file is just the raw private key of the encryption subkey. > I only found a hint so far that the key can be uploaded to another card > with the bkuptocard command > (https://lists.gnupg.org/pipermail/gnupg-users/2017-June/058438.html), > but Yes. It's "gpg --edit-key" which can be used for this file and it's "bkuptocard" sub command to import the private key to the card again. > I had hoped that it is possible to use the backup key without a > card. Any hints here, is this possible? In such a case, why not do that straight? I mean, generating keys on host and manually importing to device by "keytocard" of "--edit-key"? You can control your key better. The sk_26D728A8F09033F1.gpg is written in the OpenPGP format, but it is not intended to be used by "--import" command; Even if it is created by the data of subkey, the file uses PKT_SECRET_KEY type. So, to achieve what you want, I guess, you need to write a small program to handle this file to recover your private key on host. -- _______________________________________________ Gnupg-users mailing list Gnupgfirstname.lastname@example.org http://lists.gnupg.org/mailman/listinfo/gnupg-users