On 06/12/2017 07:31 AM, Matthias Apitz wrote:
> Now we are on track with my question. The background is/was: what
> exactly I have to do with this backup key, for example in case the GnuPG
> card gets lost or stolen?

You would have to import your backup key into your private keyring using gpg's --import command.

First, remove the private key stubs:

  $ rm ~/.gnupg/private-keys-v1.d/*.key

Then, import your backup:

  $ gpg2 --import backup.gpg

You will then be prompted for the passphrase you chose when the backup was created.

At this point, it's as if you had never used a smartcard.

Once you have a new smartcard to replace your lost one, you may move the restored keys to the new smartcard using the keytocard command.

(Note that depending on what happened to your original card, you may prefer to *revoke* those keys and generate new keys.)


> How can I simulate this and check if the passphrase works correctly?

Copy your current .gnupg directory to a temporary GNUPGHOME:

  $ cp -r .gnupg ~/testbackup
  $ export GNUPGHOME=~/testbackup

Then you can test the above procedure:

- Remove the key stubs:

  $ rm ~/testbackup/private-keys-v1.d/*.key

- Import your backup:

  $ gpg2 --import backup.gpg

At this point, you will know if the passphrase works correctly.

And if you want to change the passphrase of your backup:

  $ gpg2 --edit-key Matthias passwd
  $ gpg2 -o backup-with-new-password.gpg --export-secret-keys

Once you are satisfied, you can wipe the testbackup directory out.

Hope that helps,

Damien
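
The rehearsal described in the message above, as an added shell example that is not part of the original post: it repeats the copy, stub removal and import in a throwaway GNUPGHOME, then reads gpg's colon listing to confirm that each secret key is on disk rather than a card stub. The function names, the constructed sample listing and the reading of field 15 (as documented in GnuPG's doc/DETAILS for 2.1 and later) are assumptions of this example; `backup.gpg` is the file name used in the post.

```shell
#!/bin/sh
# Added example, not from the original post.

# Read `gpg2 --with-colons --list-secret-keys` output on stdin and print
# "<keyid> <where>" for every sec/ssb record. Field 15 is "+" when the
# secret key is on disk, "#" for a stub without key material, and
# otherwise the serial number of the smartcard that holds the key.
classify_secret_keys() {
    awk -F: '$1 == "sec" || $1 == "ssb" {
        if ($15 == "+") where = "disk"
        else if ($15 == "#") where = "missing"
        else if ($15 != "") where = "card"
        else where = "unknown"
        print $5, where
    }'
}

# Rehearse the restore in a temporary GNUPGHOME (mktemp -d creates it
# with mode 0700) and wipe it afterwards. Returns non-zero if the
# import fails, for example because of a wrong passphrase.
rehearse_restore() {
    backup=$1
    test_home=$(mktemp -d) || return 1
    cp -r "${GNUPGHOME:-$HOME/.gnupg}/." "$test_home"/
    (
        GNUPGHOME=$test_home; export GNUPGHOME
        rm -f "$GNUPGHOME"/private-keys-v1.d/*.key      # drop the card stubs
        gpg2 --import "$backup" &&
            gpg2 --with-colons --list-secret-keys | classify_secret_keys
        status=$?
        gpgconf --kill gpg-agent    # stop the agent started for the test home
        exit $status
    )
    status=$?
    rm -rf "$test_home"
    return $status
}

# Constructed sample listing (key IDs and card serial are made up):
# a primary key on disk, one subkey on a card, one stub without material.
SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1497000000:::u:::scESC:::+:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1497000000::::::e:::D2760001240102010006000000010000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1497000000::::::a:::#:'

# Run the rehearsal only when a backup file is given: sh rehearse.sh backup.gpg
if [ $# -gt 0 ]; then rehearse_restore "$1"; fi
```

After a successful import every key should be reported as `disk`; a key still reported as `card` or `missing` means the backup did not contain that key's secret material.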
