Decrypt RSA encrypted secret by using gpg authentication key stored on yubikey

2017-11-02 Thread Thomas Glanzmann
Hello, I have a yubikey that I use as gpg smartcard. On that yubikey I have an authentication subkey. I uploaded the pubkey to AWS cloud. When I create a Windows instance they use that pubkey to encrypt a password using RSA to my privkey. Since my privkey is stored on the smartcard, I can't use

Re: Why does import refuse to merge a new subkey?

2017-11-02 Thread Peter Lebbing
On 02/11/17 16:58, Phil Susi wrote:
> Why is this?
What version of GnuPG is this? It's a well-known limitation of GnuPG 1.4 and 2.0, but my 2.1.18 allows me to add secret subkeys through --import.
HTH, Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me

Re: GnuPG public key vulnerability?

2017-11-02 Thread Shannon C
> > so at Facebook, we checked
> the public keys that have been uploaded to people's profiles, and notified
> people whose keys are affected
Jon, FYI your detection logic seems a bit overzealous, because (last time I checked) it detects revoked ROCA-vulnerable subkeys as making the whole

Why does import refuse to merge a new subkey?

2017-11-02 Thread Phil Susi
Whenever my subkeys expire and I have to generate a new one, I try to import the keys on my less secure machines and gpg stupidly refuses to update the already existing key with the new subkey. I have to delete the key, then import to get the new subkey into the keyring. Why is this?

Re: Why does import refuse to merge a new subkey?

2017-11-02 Thread Peter Lebbing
On 02/11/17 20:37, Phil Susi wrote:
> [..] but 2.0.28 on another also did it I'm pretty sure.
Yes, I'm pretty sure of that as well. 2.0 can't update secret keys; it was introduced with 2.1 or somewhere during 2.1.
HTH, Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with

Re: Why does import refuse to merge a new subkey?

2017-11-02 Thread Phil Susi
On 11/2/2017 3:04 PM, Peter Lebbing wrote:
> On 02/11/17 16:58, Phil Susi wrote:
>> Why is this?
>
> What version of GnuPG is this? It's a well-known limitation of GnuPG 1.4
> and 2.0, but my 2.1.18 allows me to add secret subkeys through --import.
Looks like I've still got 1.4.20 on one machine

Re: GPG Subkey decryption

2017-11-02 Thread MFPA
On Thursday 2 November 2017 at 2:55:07 AM, in , John Ramsden wrote:-
> I think I may be misunderstanding how I'm supposed to
> be decrypting with
> a subkey. From what I thought, the public

GPG Subkey decryption

2017-11-02 Thread John Ramsden
I think I may be misunderstanding how I'm supposed to be decrypting with a subkey. From what I thought, the public key should be the same on a subkey as it is on a primary key. I see the same public key when I list them on my machine which stores the primary key and the machine that stores the