Notes GPG - Two cards with same subkeys
GPG - smart card - using several cards with the same secret keys
See:
Backup GPG cards
See:
Problem - Error: Please insert card with serial number 0001 12345678
$ diff .gnupg.nitrokey/private-keys-v1.d/AF710C976166A34B065DAF48430F30FEE69DA9D9.key .gnupg.yubykey/private-keys-v1.d/AF710C976166A34B065DAF48430F30FEE69DA9D9.key
6c6
< (#D27600012401030400050000A44B0000# OPENPGP.1))))
---
> (#D2760001240103040006142373880000# OPENPGP.1))))
$ diff .gnupg.nitrokey/private-keys-v1.d/C98A50CAD33BE20FCC23425F9FAA782B5195A9D2.key .gnupg.yubykey/private-keys-v1.d/C98A50CAD33BE20FCC23425F9FAA782B5195A9D2.key
6c6
< (#D27600012401030400050000A44B0000# OPENPGP.2))))
---
> (#D2760001240103040006142373880000# OPENPGP.2))))
$ gpg --card-status |grep 'card-no'
card-no: 0006 14237388
card-no: 0006 14237388
$ gpg --card-status |grep "^Application ID"
Application ID ...: D27600012401030400050000A44B0000
$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Nitrokey Nitrokey Pro (00000000000000000000A44B) 00 00
D276000124010304 00050000A44B0000
D276000124010304 + '0006 14237388' + '0000'
D2760001240103040006142373880000
Here is how to find this number
$ opensc-explorer
OpenSC Explorer version 0.21.0
Using reader with a card: Nitrokey Nitrokey Pro (00000000000000000000A44B) 00 00
OpenSC [3F00]> ls
FileID  Type  Size
 004F   wEF     16
 005E   wEF     19
[0065]  DF      32
[006E]  DF     244
[007A]  DF       5
 00C4   wEF      7
 0101   wEF      0
 0102   wEF      0
 0103   wEF      0
 0104   wEF      0
 5F50   wEF      0
 5F52   wEF     10
 7F21   wEF      0
[A400]  DF       0
 A401   wEF      0
[B600]  DF     136
 B601   wEF    158
[B800]  DF     136
 B801   wEF    158
OpenSC [3F00]> cat 004F
00000000: D2 76 00 01 24 01 03 04 00 05 00 00 A4 4B 00 00 .v..$........K..
However, this procedure does not work with the YubiKey
$ openpgp-tool -C
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
AID: d2:76:00:01:24:01:03:04:00:06:14:23:73:88:00:00
Version: 3.4
Manufacturer: Yubico
Serial number: 14237388
See also
$ opensc-tool --atr
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
3b:fd:13:00:00:81:31:fe:15:80:73:c0:21:c0:57:59:75:62:69:4b:65:79:40
$ opensc-tool -a -v
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
Card ATR:
3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 ;.....1...s.!.WY
75 62 69 4B 65 79 40                            ubiKey@
Example
The command below does not work: this is not the right key
$ gpg ~/tmp/plop.txt.gpg
Please insert the card with serial number: 0005 0000BD62
So where is the id 0000BD62?
$ rgrep 0000BD62 ~/.gnupg
~/.gnupg/private-keys-v1.d/F66AA9329AEA6F09D69DD852BF8233DE68119AF5.key:Token: D27600012401030400050000BD620000 OPENPGP.3 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/F66AA9329AEA6F09D69DD852BF8233DE68119AF5.key: (#D27600012401030400050000BD620000# OPENPGP.3))))
~/.gnupg/private-keys-v1.d/3F5417680639FCEF05C54803B408B83BA496E964.key:Token: D27600012401030400050000BD620000 OPENPGP.1 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/3F5417680639FCEF05C54803B408B83BA496E964.key: (#D27600012401030400050000BD620000# OPENPGP.1))))
~/.gnupg/private-keys-v1.d/DC81057888D07B12268226B9F136013C4D32566D.key:Token: D27600012401030400050000BD620000 OPENPGP.2 - 0005+0000BD62
~/.gnupg/private-keys-v1.d/DC81057888D07B12268226B9F136013C4D32566D.key: (#D27600012401030400050000BD620000# OPENPGP.2))))
Find the id of the current key
$ gpg --card-status |grep "^Application ID"
Application ID ...: D2760001240103040006142373880000
Replace the old id with the new one
cp -a ~/.gnupg ~/.gnupg.bak
sed -i -e 's/D27600012401030400050000BD620000/D2760001240103040006142373880000/g' ~/.gnupg/private-keys-v1.d/*.key
It works
gpg ~/tmp/plop.txt.gpg
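Before running the sed above it helps to see which card each stub in private-keys-v1.d actually points to. The script below is an added example, not part of the original notes: it is read-only, splits an Application ID into the manufacturer and serial that gpg prints in its prompt, and lists the stubs bound to another card. The keygrip names AAAA/BBBB/CCCC and the stub contents are constructed; the two AIDs are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): read-only audit of card stubs.

# AID layout: D276000124 RID | 01 app | VVVV version | MMMM manufacturer |
# SSSSSSSS serial | 0000 reserved. gpg's prompt shows "MMMM SSSSSSSS".
aid_to_cardno() {
    aid=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case "$aid" in
        *[!0-9A-F]*) echo "not hex: $1" >&2; return 1 ;;
        D27600012401*) ;;
        *) echo "not an OpenPGP card AID: $1" >&2; return 1 ;;
    esac
    [ "${#aid}" -eq 32 ] || { echo "AID must be 32 hex digits: $1" >&2; return 1; }
    printf '%s %s\n' "$(printf '%s' "$aid" | cut -c17-20)" \
                     "$(printf '%s' "$aid" | cut -c21-28)"
}

# One line per card-backed stub in DIR: "<keygrip> <slot> <MMMM> <SSSSSSSS>".
list_stub_cards() {
    for f in "$1"/*.key; do
        [ -f "$f" ] || continue
        ref=$(grep -Eo '#D27600012401[0-9A-Fa-f]{20}# OPENPGP\.[0-9]+' "$f" | head -n 1)
        [ -n "$ref" ] || continue          # no card reference: not a stub
        cardno=$(aid_to_cardno "$(printf '%s' "$ref" | cut -d'#' -f2)") || continue
        printf '%s %s %s\n' "$(basename "$f" .key)" "${ref##* }" "$cardno"
    done
}

# Keygrips whose stub points at a card other than the one with AID $2.
stale_stubs() {
    want=$(aid_to_cardno "$2") || return 1
    list_stub_cards "$1" | while read -r grip slot manuf serial; do
        [ "$manuf $serial" = "$want" ] || printf '%s\n' "$grip"
    done
}

# Constructed sample: made-up keygrips and key bodies, AIDs taken from this page.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
printf 'Key: (shadowed-private-key (rsa (shadowed t1-v1\n  (#%s# OPENPGP.1))))\n' \
    D27600012401030400050000BD620000 > "$demo_dir/AAAA.key"
printf 'Key: (shadowed-private-key (rsa (shadowed t1-v1\n  (#%s# OPENPGP.2))))\n' \
    D2760001240103040006142373880000 > "$demo_dir/BBBB.key"
printf 'Key: (protected-private-key (rsa))\n' > "$demo_dir/CCCC.key"
list_stub_cards "$demo_dir"
stale_stubs "$demo_dir" D2760001240103040006142373880000
```

On a real setup, pass ~/.gnupg/private-keys-v1.d and the Application ID reported by gpg --card-status.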
Other
Python and GPG card
Export / Import
python3 -m gpgcard.gpgcli --backup --pinpad --backup-keys --file gpg-key.pickle
python3 -m gpgcard.gpgcli --restore --pinpad --file gpg-key.pickle
