{{tag>Brouillon}}
= GPG notes - Two cards with the same subkeys
GPG - smart card - using several cards with the same secret keys
See:
* [[https://sven-seeberg.de/wp/?p=967|Using multiple OpenPGP Smart Cards with the same secret keys]]
Backup GPG cards
See:
* https://security.stackexchange.com/questions/165286/how-to-use-multiple-smart-cards-with-gnupg
Problem - Error
Please insert card with serial number 0001 12345678
$ diff .gnupg.nitrokey/private-keys-v1.d/AF710C976166A34B065DAF48430F30FEE69DA9D9.key .gnupg.yubykey/private-keys-v1.d/AF710C976166A34B065DAF48430F30FEE69DA9D9.key
6c6
< (#D27600012401030400050000A44B0000# OPENPGP.1))))
---
> (#D2760001240103040006142373880000# OPENPGP.1))))
$ diff .gnupg.nitrokey/private-keys-v1.d/C98A50CAD33BE20FCC23425F9FAA782B5195A9D2.key .gnupg.yubykey/private-keys-v1.d/C98A50CAD33BE20FCC23425F9FAA782B5195A9D2.key
6c6
< (#D27600012401030400050000A44B0000# OPENPGP.2))))
---
> (#D2760001240103040006142373880000# OPENPGP.2))))
$ gpg --card-status |grep 'card-no'
card-no: 0006 14237388
card-no: 0006 14237388
$ gpg --card-status |grep "^Application ID"
Application ID ...: D27600012401030400050000A44B0000
$ opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Nitrokey Nitrokey Pro (00000000000000000000A44B) 00 00
The Application ID is the fixed OpenPGP prefix D276000124010304 (RID, application 01, version 3.4), followed by the manufacturer ID and the serial number shown as card-no above, then two reserved zero bytes. The Nitrokey Pro AID split at that prefix, and the YubiKey AID rebuilt from its card-no:
D276000124010304 00050000A44B0000
D276000124010304 + '0006 14237388' + '0000'
D2760001240103040006142373880000
Here is how to read this number directly from the card:
$ opensc-explorer
OpenSC Explorer version 0.21.0
Using reader with a card: Nitrokey Nitrokey Pro (00000000000000000000A44B) 00 00
OpenSC [3F00]> ls
FileID Type Size
004F wEF 16
005E wEF 19
[0065] DF 32
[006E] DF 244
[007A] DF 5
00C4 wEF 7
0101 wEF 0
0102 wEF 0
0103 wEF 0
0104 wEF 0
5F50 wEF 0
5F52 wEF 10
7F21 wEF 0
[A400] DF 0
A401 wEF 0
[B600] DF 136
B601 wEF 158
[B800] DF 136
B801 wEF 158
OpenSC [3F00]> cat 004F
00000000: D2 76 00 01 24 01 03 04 00 05 00 00 A4 4B 00 00 .v..$........K..
However, this opensc-explorer procedure does not work with the YubiKey; openpgp-tool reads its AID instead:
$ openpgp-tool -C
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
AID: d2:76:00:01:24:01:03:04:00:06:14:23:73:88:00:00
Version: 3.4
Manufacturer: Yubico
Serial number: 14237388
== See also
$ opensc-tool --atr
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
3b:fd:13:00:00:81:31:fe:15:80:73:c0:21:c0:57:59:75:62:69:4b:65:79:40
$ opensc-tool -a -v
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
Card ATR:
3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 ;.....1...s.!.WY
75 62 69 4B 65 79 40 ubiKey@
== Example
The command below does not work: it is not the right key, GnuPG asks for a card that is not inserted.
$ gpg ~/tmp/plop.txt.gpg
Please insert the card with serial number: 0005 0000BD62
But where is this id 0000BD62 stored?
$ rgrep 0000BD62 ~/.gnupg
~/.gnupg/private-keys-v1.d/F66AA9329AEA6F09D69DD852BF8233DE68119AF5.key:Token: D27600012401030400050000BD620000 OPENPGP.3 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/F66AA9329AEA6F09D69DD852BF8233DE68119AF5.key: (#D27600012401030400050000BD620000# OPENPGP.3))))
~/.gnupg/private-keys-v1.d/3F5417680639FCEF05C54803B408B83BA496E964.key:Token: D27600012401030400050000BD620000 OPENPGP.1 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/3F5417680639FCEF05C54803B408B83BA496E964.key: (#D27600012401030400050000BD620000# OPENPGP.1))))
~/.gnupg/private-keys-v1.d/DC81057888D07B12268226B9F136013C4D32566D.key:Token: D27600012401030400050000BD620000 OPENPGP.2 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/DC81057888D07B12268226B9F136013C4D32566D.key: (#D27600012401030400050000BD620000# OPENPGP.2))))
Find the id of the key currently in use (the inserted card):
$ gpg --card-status |grep "^Application ID"
Application ID ...: D2760001240103040006142373880000
Replace the old id with the new one (after backing up ~/.gnupg):
cp -a ~/.gnupg ~/.gnupg.bak
sed -i -e 's/D27600012401030400050000BD620000/D2760001240103040006142373880000/g' ~/.gnupg/private-keys-v1.d/*.key
It works:
gpg ~/tmp/plop.txt.gpg
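As an added example (not part of these notes, and not GnuPG's own code), the script below decomposes an OpenPGP card AID into its fields, rebuilds one from a card-no exactly as done above, and retargets a private-keys-v1.d stub from one card to another. It assumes only the AID layout of the OpenPGP card specification; the stub text is constructed to look like the rgrep hits above, and unlike the sed above it also updates the 0005+0000BD62 display serial on the Token: line.

```python
"""Added example, not from the original notes: decompose the OpenPGP card
Application ID that gpg --card-status and opensc-explorer 'cat 004F' print,
rebuild it from a card-no the way the notes do, and retarget the card
reference in a GnuPG private-keys-v1.d stub. Field layout is the AID of the
OpenPGP card specification; the sample stub below is constructed."""
import re

# Both cards on this page share the prefix D276000124 (RID) + 01 (OpenPGP
# application) + 0304 (version 3.4). Then come the manufacturer (2 bytes;
# 0005 = ZeitControl, the card inside the Nitrokey Pro; 0006 = Yubico), the
# serial number (4 bytes) and two reserved bytes that are always 0000.
AID_RE = re.compile(r"(D276000124)(01)([0-9A-F]{4})([0-9A-F]{4})([0-9A-F]{8})(0000)")

def parse_aid(aid: str) -> dict:
    """Split a 16-byte AID (hex, optionally ':'-separated) into its fields."""
    h = aid.replace(":", "").replace(" ", "").upper()
    m = AID_RE.fullmatch(h)
    if not m:
        raise ValueError(f"not an OpenPGP card AID: {aid!r}")
    _rid, _app, version, manufacturer, serial, _rfu = m.groups()
    return {"aid": h, "version": f"{int(version[:2])}.{int(version[2:])}",
            "manufacturer": manufacturer, "serial": serial,
            "card_no": f"{manufacturer} {serial}"}  # the form gpg prints

def aid_from_card_no(card_no: str, version: str = "0304") -> str:
    """Rebuild the AID as the notes do: prefix + manufacturer + serial + 0000."""
    manufacturer, serial = card_no.upper().split()
    aid = "D276000124" + "01" + version + manufacturer + serial + "0000"
    return parse_aid(aid)["aid"]  # re-parse so a malformed card-no is rejected

def retarget_stub(stub_text: str, old_aid: str, new_aid: str) -> str:
    """Point a shadowed-key stub at another card holding the same key.
    Rewrites the (#AID# OPENPGP.n) shadow info and, unlike the sed on this
    page, also the '0005+0000BD62' display serial on the Token: line."""
    old, new = parse_aid(old_aid), parse_aid(new_aid)
    text = stub_text.replace(old["aid"], new["aid"])
    return text.replace(f"{old['manufacturer']}+{old['serial']}",
                        f"{new['manufacturer']}+{new['serial']}")

# Constructed stub shaped like the rgrep hits above (key material is fake).
SAMPLE_STUB = (
    "Token: D27600012401030400050000BD620000 OPENPGP.1 - 0005+0000BD62\n"
    "Key: (shadowed-private-key (rsa (n #00C0FFEE#)(e #010001#)\n"
    " (shadowed t1-v1 (#D27600012401030400050000BD620000# OPENPGP.1))))\n"
)
```

Run retarget_stub over each .key file that references the old card, write the result back, and keep the ~/.gnupg.bak copy until gpg has decrypted something with the new card.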
== Other
=== Python and GPG card
Export / Import
FIXME
python3 -m gpgcard.gpgcli --backup --pinpad --backup-keys --file gpg-key.pickle
python3 -m gpgcard.gpgcli --restore --pinpad --file gpg-key.pickle