Emil,

Thank you. I tend to do this on an offline Raspberry with a dedicated SD card. I have also done this on a Tails distro. I always do it off the YubiKey, and lock a backup on an encrypted USB stick.

Mark

On 11/02/2019 11:49, Emil Lundberg wrote:
> Hi Mark,
>
> While you're going through the effort of re-encrypting things, I would
> recommend that you create your encryption subkey outside the YubiKey
> (preferably in an airgapped environment) and import it, rather than
> generate it on board the YubiKey, so that you can have a backup of
> it*. At least if you're using the same encryption subkey for anything
> else than Pass - an alternative solution for Pass is to have the
> password store encrypted with more than one subkey, but that won't
> help if you end up with other things encrypted to only one subkey and
> lose that subkey. Just a friendly warning. :)
>
> *Note that you typically don't need backups of signature or
> authentication subkeys, because signature verification only needs the
> public keys - unlike encryption subkeys, because decryption needs the
> private keys to be long-lived.
>
> /Emil
>
> On Sun, 10 Feb 2019 at 23:23 Jake Yip <[email protected]> wrote:
>
> > Hi Mark,
> >
> > Are you referring to re-encrypting your pass store with the new
> > key on your Yubikey 5? In that case, I've managed to do that by
> > doing `pass init [-p <path>] old-key-ids new-key-id`, where
> > old-key-ids are ids in .gpg-id.
> >
> > Hope that helps,
> > Jake
> >
> > On Sun, Feb 10, 2019 at 11:29 PM Mark Stanhope <[email protected]> wrote:
> >
> > > Hello, first time poster.
> > >
> > > I have used Pass for a while using a Yubikey Neo as the store for my GPG
> > > keys. The new Yubikey 5 supports 4096 keys, whilst the NEO did not
> > > support above 2048 for NFC.
> > >
> > > So I am planning to move to the new Yubikey 5, but can't currently find
> > > anything about adding or removing GPG keys from a pass git rep.
> > >
> > > Any suggestions are very welcome, thank you in advance.
> > >
> > > Mark

_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
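
An added example, not part of the original thread: after a `pass init` with both the old and the new key IDs as Jake describes, this checks that each entry really is encrypted to every expected encryption subkey, the multi-subkey safeguard Emil mentions. The key IDs and sample gpg output are constructed, the function names are hypothetical, and it assumes gpg's verbose `public key is <ID>` lines, which is also what pass parses to find an entry's recipients.

```shell
#!/bin/sh
# Added example: verify which encryption subkeys each pass entry is encrypted to.
# Key IDs below are constructed placeholders, not real keys.

# Constructed sample of `gpg -v --decrypt --list-only --keyid-format long` output
# for an entry encrypted to two subkeys, and for one still on the old subkey only.
SAMPLE_BOTH='gpg: public key is 1111AAAA2222BBBB
gpg: public key is 3333CCCC4444DDDD
gpg: encrypted with 4096-bit RSA key, ID 3333CCCC4444DDDD, created 2019-02-10'
SAMPLE_OLD_ONLY='gpg: public key is 1111AAAA2222BBBB'

# Read gpg's verbose output on stdin; print the unique recipient key IDs.
recipients_of() {
    sed -n 's/^gpg: public key is \([0-9A-Fa-f][0-9A-Fa-f]*\)$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Read gpg's verbose output on stdin; print each expected key ID ("$@") that is
# not a recipient. Returns 1 if any is missing, 0 if all are present.
missing_recipients() {
    found=$(recipients_of)
    rc=0
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr 'a-f' 'A-F')
        printf '%s\n' "$found" | grep -qx "$want" || { printf '%s\n' "$want"; rc=1; }
    done
    return "$rc"
}

# check_store DIR KEYID...: list entries under DIR not encrypted to every KEYID.
# --list-only reads the recipient list without decrypting, so no YubiKey is needed.
check_store() {
    dir=$1; shift
    find "$dir" -type f -name '*.gpg' | while IFS= read -r f; do
        miss=$(LC_ALL=C gpg -v --no-secmem-warning --decrypt --list-only \
                 --keyid-format long "$f" 2>&1 | missing_recipients "$@") ||
            printf '%s: missing %s\n' "$f" "$(printf '%s' "$miss" | tr '\n' ' ')"
    done
}
```

Run it as `check_store ~/.password-store <old-subkey-id> <new-subkey-id>` with long-format subkey IDs; any line printed names an entry that would be unreadable if the listed subkey were the only one left.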
