> ahead and copied the very same keys from the backup to the second. But
> trying to actually use does not work, I get an error like: 'please
> insert card: […]' So.
>
> What can I do to make gpg use the card as well (if possible) ?

You see the prompt because gpg knows that you already used the first
card and asks for that card. The alternative would be to check whether
the currently inserted card can be used, despite that its serial number
does not match. IIRC, we have implemented this in 2.3 to be released in
the next few weeks.

What you can do with 2.2 is to delete the stub file which stores the
serial number:

  gpg --with-keygrip -K

shows you the keygrip of the respective file. Now check whether the file

  ~/.gnupg/private-keys-v1.d/<KEYGRIP>.key

has the string "shadowed-private-key". If so, delete this file and run
"gpg --card-status". Such a file might look like this:

--8<---------------cut here---------------start------------->8---
Token: 276000124010200FFFE372F7910000 OPENPGP.1
Label: My signing yellow signing yoken
Key: (shadowed-private-key (ecc (curve Ed25519)(flags eddsa)(q
  #40CFBE4795E91CD7A26185F23430A7445712DD93185C3023B4646E963010263697#)
  (shadowed t1-v1 (#D276000124010200FFFE372F7910000# OPENPGP.1))))
--8<---------------cut here---------------end--------------->8---

which can be edited, or it might be some binary gibberish. In any case
you should be able to check for the "shadowed-private-key" string. Note
that such a file exists for each key.

> Another thing I would really love to know is: Is it possible to use
> the gpg card as smartcard for the system login as well? Right now I am

You can use the poldi PAM module but it is somewhat limited. For proper
support we would need to modify the screen locker and the display
manager.

> Last but not least I am still on a quest for a setup to use Full Disk
> Encryption and Security Token to actually decrypt the Disk on boot.

I use my card for many years for an encrypted partition. The tool is
called g13 but it is not very polished and not easy to install. When
building gnupg add --enable-g13 to configure. We have an open task to
write a bit of documentation: https://dev.gnupg.org/T3423 . What's also
missing are features to replace or add OpenPGP keys to a partition so
that you can use several cards or a symmetric key for decryption (of
the actual dmcrypt key).


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
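
The stub check described in the reply above, as an added example that is not part of the original mail or of GnuPG itself. The function names and the backup directory are hypothetical, and moving the stubs aside instead of deleting them is a choice of this example so the step can be undone.

```shell
#!/bin/sh
# Added example (not from the original mail): locate smartcard stub files in a
# GnuPG private key directory and move them aside, so that a following
# "gpg --card-status" can create fresh stubs for the inserted card.

# Succeeds if $1 is a regular file containing "shadowed-private-key".
# LC_ALL=C makes grep match raw bytes, so the check also works when the
# file is in the older binary format instead of the editable text format.
is_card_stub() {
    [ -f "$1" ] && LC_ALL=C grep -q 'shadowed-private-key' "$1"
}

# Print the path of every <KEYGRIP>.key stub file in directory $1.
list_card_stubs() {
    for f in "$1"/*.key; do
        if is_card_stub "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Move every stub file from directory $1 into backup directory $2
# (created if missing) and print the number of files moved.
# Keys stored on disk ("private-key", "protected-private-key") stay put.
stash_card_stubs() {
    mkdir -p "$2" || return 1
    count=0
    for f in "$1"/*.key; do
        is_card_stub "$f" || continue
        mv -- "$f" "$2"/ && count=$((count + 1))
    done
    printf '%s\n' "$count"
}

# Typical use, assuming the default GnuPG home directory:
#   gpg --with-keygrip -K                        # which keygrip is which key
#   list_card_stubs  ~/.gnupg/private-keys-v1.d  # review before moving
#   stash_card_stubs ~/.gnupg/private-keys-v1.d ~/gnupg-stub-backup
#   gpg --card-status                            # with the second card inserted
```

This moves the stubs of every card-backed key, not only the one that triggered the prompt; to limit it to a single key, move only the `<KEYGRIP>.key` file whose keygrip `gpg --with-keygrip -K` shows for that key.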