List: gnupg-users
Subject: Re: Second OpenPGP-card
From: Matthias Apitz <guru () unixarea ! de>
Date: 2024-02-26 12:17:08
Message-ID: ZdyBRGeZRNxicL00 () c720-1400094
On Tuesday, February 13, 2024 at 11:04:31 a.m. +0100, Werner Koch via Gnupg-users wrote:
> On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
>
> > So, can I buy this card here in Europe or even in Germany?
>
> floss-shop.de

Only for the record:
Meanwhile I bought the 2nd OpenPGP card in the Purism shop because floss-shop.de
can't cut out the Micro-SIM size.

>
> > If not, I could with a script decrypt all the files in this tree and
> > encrypt them again after setup the card. But, it would be better just
> > copy the files over by SCP, also when passwords get added or updated.
>
> Actually we have an open task for re-encryption:
> https://dev.gnupg.org/T1825
>
> For small messages this is easy but there is no easy solution for large
> data. A detached encryption packet is a theoretical option.
I have here an example file of an entry 'test' in my .password-storage:
purism@pureos:~$ pass test
┌──────────────────────────────────────────────┐
│ Please unlock the card │
│ │
│ Number: 0005 0000A6FE │
│ Holder: Matthias Apitz │
│ │
│ PIN ________________________________________ │
│ │
│ <OK> <Cancel> │
└──────────────────────────────────────────────┘
secret
purism@pureos:~$ file .password-store/test.gpg
.password-store/test.gpg: PGP RSA encrypted session key - keyid: 39BDCE02 5E4698B6 RSA (Encrypt or Sign) 2048b .
purism@pureos:~$ gpg -da .password-store/test.gpg
┌──────────────────────────────────────────────┐
│ Please unlock the card │
│ │
│ Number: 0005 0000A6FE │
│ Holder: Matthias Apitz │
│ │
│ PIN ________________________________________ │
│ │
│ <OK> <Cancel> │
└──────────────────────────────────────────────┘
gpg: encrypted with 2048-bit RSA key, ID 39BDCE025E4698B6, created 2021-10-30
"Matthias Apitz (GnuPG CCID L5) <guru@unixarea.de>"
secret

Having said and shown that, I can't imagine that, when I SCP the file
.password-store/test.gpg to another mobile with another OpenPGP card,
this system would be able to decrypt the file and re-encrypt it
again with the new card.

matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
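
Added example, not part of the original message and not GnuPG code: the `file` and `gpg` output in the message shows that test.gpg starts with a public-key encrypted session key (PKESK) packet addressed to key ID 39BDCE025E4698B6. The Python code below reads the leading PKESK packets of a binary .gpg file, so a password store can be checked for entries that carry no packet for a new card's encryption key. The function names and the sample bytes are constructed for illustration, and `new_key_id` is assumed to be the 16-digit ID of the new card's encryption (sub)key.

```python
import struct

PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}  # RFC 4880 / RFC 6637 ids

def pkesk_recipients(data: bytes):
    """Return [(key_id_hex, algo_name)] for the leading PKESK packets (tag 1)."""
    out, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (armored input?)")
        pos += 1
        if hdr & 0x40:                      # new-format packet header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 1
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:              # five-octet length
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:
                break                       # partial length: data packet, stop
        else:                               # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                       # indeterminate length: stop
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if tag != 1:
            break                           # PKESKs precede the encrypted data
        body = data[pos:pos + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("truncated or non-v3 PKESK")
        # v3 PKESK body: version, 8-byte key ID, public-key algorithm, MPIs
        out.append((body[1:9].hex().upper(),
                    PUBKEY_ALGOS.get(body[9], f"algo {body[9]}")))
        pos += length
    return out

def needs_reencryption(data: bytes, new_key_id: str) -> bool:
    """True if no PKESK in the file is addressed to new_key_id."""
    return new_key_id.upper() not in [k for k, _ in pkesk_recipients(data)]

# Constructed sample (not a real ciphertext): one v3 PKESK for the key ID shown
# in the message, a zero-filled 2048-bit MPI, then a stub encrypted-data packet.
_body = b"\x03" + bytes.fromhex("39BDCE025E4698B6") + b"\x01\x08\x00" + bytes(256)
SAMPLE = b"\x85" + len(_body).to_bytes(2, "big") + _body + b"\xd2\x02\x01\x00"
```

A file for which `needs_reencryption` returns True can only be opened by a key it already lists, so it has to be decrypted with the old card and encrypted again to the new key.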