Hi Damien! On 28.03.24 08:26, Damien Cassou via Gnupg-users wrote:
As you can see, there is a '>' character before each subkey but not before the master key. Someone on the web has a similar setup but doesn't have the '>' before his subkeys [1].
The ">" indicates that the key is on a smartcard. (The > is the corner of a card ;) (Smartcard is synonym to USB tokens like YubiKeys)
Is that a problem? Am I missing something important? It seems this causes me the troubles mentioned at [1].
In [2] it is mentioned, that the key marked with an [A] is needed. [A] indicates the "authentication" key. This is what you want.But the private part of your [A] key is only on the smartcard. And the security idea of the smartcard is, that you can not extract it from there.
In [1] you described your 'gpg --export-secret-keys'. If you do a `gpg --list-packets ./damien.asc` on your export, you can see that this still references the card. So it won't work this way. But if it is about ssh login into another system you can use the gpg-agent as a the ssh-agent and get the security with your smartcard. You have to add 'enable-ssh-support' to your gpg-agent.conf. See: man gpg-agent
[1] https://github.com/pinpox/pgp2ssh/issues/6
[2] https://github.com/pinpox/pgp2ssh Best regards Alexander
OpenPGP_0x213E2CD3CABCF0B9.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users