Hacking off-card backup to be on-disk key (was: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID")

2017-10-31 Thread Peter Lebbing 
Hi Ralf,

On 25/10/17 23:29, Ralf wrote:
> I was hoping for something simple and I think eventually this should be
> simple; nevertheless I would make use of such a workaround / would be
> thankful for such an example :)

I fiddled around with a test card. Prepare for a wall of text.

I created a test key on card:

--8<---cut here---start->8---
sec  rsa2048/A7C45205828E4D09
 created: 2017-10-31  expires: 2017-11-07  usage: SC
 card-no: 0005 106E
 trust: never validity: ultimate
ssb  rsa2048/D614DCD256D4028C
 created: 2017-10-31  expires: 2017-11-07  usage: A
 card-no: 0005 106E
ssb  rsa2048/93104C8F5B4A4714
 created: 2017-10-31  expires: 2017-11-07  usage: E
 card-no: 0005 106E
--8<---cut here---end--->8---

We start with damage control. Always backup your .gnupg directory before 
doing risky stuff. I'm assuming the backup dir .gnupg~ does not already 
exist; otherwise, delete it first or choose a different name.

--8<---cut here---start->8---
$ cd
$ cp -a .gnupg/ .gnupg~
--8<---cut here---end--->8---

The following actions: export secret key, delete secret key from 
keyring, import secret key, show an interesting behaviour of my GnuPG 
2.1.18 related to card keys:

--8<---cut here---start->8---
$ gpg -o cardkey.gpg --export-secret-keys 
0976A143384202C99E7C26EFA7C45205828E4D09
$ gpg --delete-secret-and-public-keys-keys 
0976A143384202C99E7C26EFA7C45205828E4D09
[...]
$ gpg --import cardkey.gpg 
gpg: key A7C45205828E4D09: "Test Backup Hack" not changed
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key A7C45205828E4D09: secret key imported
gpg: Total number processed: 1
gpg:  unchanged: 1
gpg:   secret keys read: 1
--8<---cut here---end--->8---

It will not import the secret key stubs[1]. What it is obliquely saying 
is: don't import key stubs, just insert your smartcard and run --card-
status. Keep this in mind. It will come back in a different form.

Don't run --card-status at this time, by the way.

Now we start with packet surgery. Unlike a surgeon, we start by fully 
taking apart the body ;-).

--8<---cut here---start->8---
$ cd tmp/
$ gpgsplit ../cardkey.gpg 
$ ls
01-005.secret_key  04-007.secret_subkey  07-002.sig
02-013.user_id 05-002.sig
03-002.sig 06-007.secret_subkey
--8<---cut here---end--->8---

I always have a "tmp" dir handy for throwaway stuff. Create an empty dir 
first if necessary.

An OpenPGP file always consists of a stream of packets. gpgslit just 
splits these packets over multiple files without changing anything else. 
We need to figure out which of the "secret_subkey" files is the secret 
key stub for the encryption key. First note that the encryption key is 
the key with ID 93104C8F5B4A4714, as can be told from the off-card 
backup file named sk_93104C8F5B4A4714.gpg.

--8<---cut here---start->8---
$ cat *secret*|gpg --list-packets 
# off=0 ctb=95 tag=5 hlen=3 plen=294
:secret key packet:
version 4, algo 1, created 1509451630, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
serial-number:  d2 76 00 01 24 01 02 00 00 05 00 00 10 6e 00 00
keyid: A7C45205828E4D09
# off=297 ctb=9d tag=7 hlen=3 plen=294
:secret sub key packet:
version 4, algo 1, created 1509451630, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
serial-number:  d2 76 00 01 24 01 02 00 00 05 00 00 10 6e 00 00
keyid: D614DCD256D4028C
# off=594 ctb=9d tag=7 hlen=3 plen=294
:secret sub key packet:
version 4, algo 1, created 1509451630, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
serial-number:  d2 76 00 01 24 01 02 00 00 05 00 00 10 6e 00 00
keyid: 93104C8F5B4A4714
--8<---cut here---end--->8---

These are the three packets with "secret" in their name, *in order*. The 
last of the three has the right key ID, so that means 
06-007.secret_subkey contains the stub we want to replace.

Now let's take a look at that pesky sk_93104C8F5B4A4714.gpg that you 
were trying to import, with the off-card backup of the encryption key:

--8<---cut here---start->8---
$ gpg --list-packets ~/.gnupg/sk_93104C8F5B4A4714.gpg 
# off=0 ctb=95 tag=5 hlen=3 plen=966
:secret key packet:
version 4, algo 1, created 1509451630, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread Ralf 

Hi Peter,


looking for difficult workarounds :-). If I'm wrong about that, just say
so and I'll give an example. I'll whip out a blank OpenPGP card, create
a test key and do it, posting the results on the list.


I was hoping for something simple and I think eventually this should be 
simple; nevertheless I would make use of such a workaround / would be 
thankful for such an example :)


Greetings,

Ralf


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread Peter Lebbing 
On 25/10/17 16:15, Ralf wrote:
> I was hoping for a simpler workaround to make GnuPG import the key.

There is a pretty difficult workaround, using gpgsplit and standard
Linux command-line tools. However, I get the sense you're not really
looking for difficult workarounds :-). If I'm wrong about that, just say
so and I'll give an example. I'll whip out a blank OpenPGP card, create
a test key and do it, posting the results on the list.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread Ralf 

Hi,


If you want to know the detail, this means that the encryption key is
generated on the host and it is imported to the card.  Generating on
card and extracting is not possible.


I was wondering about that, because on of the reasons that convinced me 
to buy a Nitrokey was the "the key cannot leave the device" argument. So 
I wondered about the backup option, read up on it (because I am not very 
knowledgable of using GnuPG yet). I thought it makes sense to have a 
backup only of the encryption key and live with the risk of losing the 
signing / authorization key. Not sure what is worth how much, I was 
going with what the generate procedure suggested because it made sense 
to me intuitively and I assumed it represents time-proofed best practices.



I had hoped that it is possible to use the backup key without a
card. Any hints here, is this possible?


In such a case, why not do that straight?  I mean, generating keys on
host and manually importing to device by "keytocard" of "--edit-key"?
You can control your key better.


Maybe that would have been better.
I stumbled on that option, but the "generate" command option looked way 
more simple:

https://www.gnupg.org/howtos/card-howto/en/ch03s03.html#id2521952
than this procedure recommended on the Nitrokey documentation:
http://wiki.fsfe.org/TechDocs/CardHowtos/CardWithSubkeysUsingBackups

The whole "master and different sub-keys" seemed somewhat complicated to 
me. I learned that the devil is in the details, sometimes even in little 
things. Like: the public key is not on the Nitrokey. You need to backup 
it to use the Nitrokey on another machine. So I went for the path that 
looked a lot more well-travelled and just a lot more simple.


Or is there a simpler way to generate keys locally + upload them to the 
Nitrokey, backup the keyrings and remove the secret parts that I missed?



So, to achieve what you want, I guess, you need to write a small program
to handle this file to recover your private key on host.


I was hoping for a simpler workaround to make GnuPG import the key.

I was happy to hear that importing such a key will be tracked as a 
feature request.


Until then, I'll either only use this for things I could afford to loose 
when I lose my Nitrokey. Or I'll take the time to generate new keys and 
re-crypt everything.


Greetings,

Ralf

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread Ralf 

There is no tool yet to do this.  Let's track this at
https://dev.gnupg.org/T3466


thanks, good to know I wasn't missing something obvious here.

An option for "--import" sounds great, that was what I was looking for 
intuitively, something that would allow me to specify the user id / the 
hash of the public key.


I am curious, from a user-perspective, couldn't GnuPG be trying to be 
very helpful with importing the secret key and "just do the right thing" 
and scan if there is a matching public key in the keyring?


Greetings,

Ralf

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread NIIBE Yutaka 
Hello,

Ralf  wrote:
> I generated keys on a Nitrokey and have chosen the option to make an 
> off-card backup of the encryption key:
>
> gpg: NOTE: backup of card key saved to 
> `/home/archi/.gnupg/sk_26D728A8F09033F1.gpg'

If you want to know the detail, this means that the encryption key is
generated on the host and it is imported to the card.  Generating on
card and extracting is not possible.

> gpg2 --import sk_26D728A8F09033F1.gpg

No.  It doesn't work, because the file is just the raw private key of
the encryption subkey.

> I only found a hint so far that the key can be uploaded to another card 
> with the bkuptocard command 
> (https://lists.gnupg.org/pipermail/gnupg-users/2017-June/058438.html), 
> but 

Yes.  It's "gpg --edit-key" which can be used for this file and it's
"bkuptocard" sub command to import the private key to the card again.

> I had hoped that it is possible to use the backup key without a
> card. Any hints here, is this possible?

In such a case, why not do that straight?  I mean, generating keys on
host and manually importing to device by "keytocard" of "--edit-key"?
You can control your key better.


The sk_26D728A8F09033F1.gpg is written in the OpenPGP format, but it is
not intended to be used by "--import" command; Even if it is created by
the data of subkey, the file uses PKT_SECRET_KEY type.

So, to achieve what you want, I guess, you need to write a small program
to handle this file to recover your private key on host.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-24 Thread Werner Koch 
On Tue, 24 Oct 2017 21:23, sourcel...@mailbox.org said:

> but I had hoped that it is possible to use the backup key without a
> card. Any hints here, is this possible?

There is no tool yet to do this.  Let's track this at
https://dev.gnupg.org/T3466


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpw9VzGDWh3a.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-24 Thread Ralf 

Hi,

I generated keys on a Nitrokey and have chosen the option to make an 
off-card backup of the encryption key:


gpg: NOTE: backup of card key saved to 
`/home/archi/.gnupg/sk_26D728A8F09033F1.gpg'


as described in: 
https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2506175


Now I tried to use this backup key. So I imported the public keys, and 
when I try to import the secret key backup file, I get an error "no user 
ID" and the key isn't imported to the secret ring:


gpg2 --import sk_26D728A8F09033F1.gpg
gpg: key 26D728A8F09033F1: no user ID
gpg: Total number processed: 1
gpg:   secret keys read: 1

I only found a hint so far that the key can be uploaded to another card 
with the bkuptocard command 
(https://lists.gnupg.org/pipermail/gnupg-users/2017-June/058438.html), 
but I had hoped that it is possible to use the backup key without a 
card. Any hints here, is this possible?


Greetings,

Ralf

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-24 Thread sourcelime 

Hi,

I generated keys on a Nitrokey and have chosen the option to make an 
off-card backup of the encryption key:


gpg: NOTE: backup of card key saved to 
`/home/archi/.gnupg/sk_26D728A8F09033F1.gpg'


as described in: 
https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2506175


Now I tried to use this backup key. So I imported the public keys, and 
when I try to import the secret key backup file, I get an error "no user 
ID" and the key isn't imported to the secret ring:


gpg2 --import sk_26D728A8F09033F1.gpg
gpg: key 26D728A8F09033F1: no user ID
gpg: Total number processed: 1
gpg:   secret keys read: 1

I only found a hint so far that the key can be uploaded to another card 
with the bkuptocard command 
(https://lists.gnupg.org/pipermail/gnupg-users/2017-June/058438.html), 
but I had hoped that it is possible to use the backup key without a 
card. Any hints here, is this possible?


Greetings,

Ralf

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users