On Friday, October 29, 2021 at 08:35:43 PM -0500, Jacob Bachmeyer via Gnupg-users wrote:
> Matthias Apitz wrote:
> > The question here is: Can I somehow transfer the keys from the used
> > OpenPGP card to this new card (and copy over the tree of encrypted
> > passwords to the phone) or do I have to move the passwords in clear and
> > crypt them again with the new card?
>
> If I understand correctly that your tool uses public keys,

The password store is a tree of GnuPG encrypted files, as:

$ find .password-store
.password-store
.password-store/web
.password-store/web/test1.gpg
.password-store/web/test2.gpg
.password-store/web/test3.gpg
.password-store/web/hwiconnect.net.gpg
.password-store/web/es-la.facebook.com.gpg
...

it was once (2017) initialized with

$ pass init [email protected]

and one can see the gpg-id in the file of the store:

$ cat .password-store/.gpg-id
[email protected]

This mail addr is the reference to the (public) key:

$ gpg2 -K
/home/guru/.gnupg-ccid/pubring.kbx
----------------------------------
sec>  rsa4096 2017-05-14 [SC]
      5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
      Card serial no. = 0005 0000532B
uid           [ultimate] Matthias Apitz (GnuPG CCID) <[email protected]>
ssb>  rsa4096 2017-05-14 [A]
ssb>  rsa4096 2017-05-14 [E]

> you will need to:
>
> 1. Generate keys on your new device.

I did so and created for testing a password store on the mobile L5 with:

purism@pureos:~$ pass init 'CCID L5'
mkdir: created directory '/home/purism/.password-store/'
Password store initialized for CCID L5
purism@pureos:~$ cat .password-store/.gpg-id
CCID L5
purism@pureos:~$ echo secret | pass insert -m test
Enter contents of test and press Ctrl+D when finished:

purism@pureos:~$ find .password-store/
.password-store/
.password-store/test.gpg
.password-store/.gpg-id
purism@pureos:~$ killall gpg-agent
purism@pureos:~$ pass test
secret

(it asked me to unlock the OpenPGP card with its PIN)

> 2. Export the public key for your new smartcard.

I did so:

purism@pureos:~$ gpg --export --armor > ccid-L5-export-key-guru.pub
purism@pureos:~$ file ccid-L5-export-key-guru.pub
ccid-L5-export-key-guru.pub: PGP public key block Public-Key (old)

> 3. Arrange for your password store to be encrypted for *both* public keys.

Perhaps I should now import the above Public-Key on the laptop and
re-init there the password store with both gpg-ids:

$ pass init 'GnuPG CCID' 'CCID L5'

I will test this after making backups of GNUPGHOME and ~/password-store.

> 4. Copy the appropriately encrypted password store to the new device.
> 5. Use the new card's secret key to access the encrypted password store.
>

Thanks for your hints

	matthias

-- 
Matthias Apitz, ✉ [email protected], http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
August 13, 1961: Better a wall than a war. And, while the GDR was still existing,
no German troops and bombs have been killed in Yugoslavia, Afghanistan, Africa...
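
The check below is an added example, not part of the original mail: after step 3 (re-encrypting the store for both keys) it confirms that every entry really lists both encryption subkeys before the store is copied to the new device in step 4. It assumes that gpg's verbose list-only output contains "gpg: public key is <ID>" lines; the function names, the script name and the key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that every entry of a pass store is encrypted to
# all expected recipients. Key IDs below are constructed placeholders.

# Constructed sample of `gpg -v --decrypt --list-only --keyid-format long`.
SAMPLE_LISTING='gpg: public key is AAAAAAAAAAAAAAA1
gpg: public key is BBBBBBBBBBBBBBB2
gpg: encrypted with 4096-bit RSA key, ID AAAAAAAAAAAAAAA1, created 2017-05-14'

# stdin: gpg listing; stdout: sorted, unique recipient (sub)key IDs.
recipients_of() {
    sed -nE 's/^gpg: public key is ([A-F0-9]+)$/\1/p' | LC_ALL=C sort -u
}

# $1: space-separated wanted key IDs; stdin: gpg listing.
# Prints each wanted ID that is NOT among the file's recipients.
missing_recipients() {
    have=$(recipients_of)
    for want in $1; do
        printf '%s\n' "$have" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# $1: store directory; $2: wanted encryption-subkey IDs (long format).
# --list-only lists the recipients without decrypting the entry.
check_store() {
    report=$(find "$1" -type f -name '*.gpg' | while IFS= read -r f; do
        miss=$(LC_ALL=C gpg -v --decrypt --list-only --keyid-format long "$f" 2>&1 |
               missing_recipients "$2" | tr '\n' ' ')
        [ -z "$miss" ] || printf '%s: not encrypted to %s\n' "$f" "$miss"
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" >&2
    return 1
}

# Usage: sh check-store.sh ~/.password-store "SUBKEYID_OLD SUBKEYID_NEW"
if [ "$#" -eq 2 ]; then
    check_store "$1" "$2"
fi
```

The IDs to pass are those of the two [E] subkeys, as printed by gpg --list-keys --keyid-format long; a non-zero exit status means at least one entry would be unreadable with one of the cards.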
