GPG - recovering lost gpg public keys from your yubikey
Source: https://www.nicksherlock.com/2021/08/recovering-lost-gpg-public-keys-from-your-yubikey/
$ gpg --card-status
Reader ...........: Nitrokey Nitrokey Pro (00000000000000000000BD62) 00 00
Application ID ...: D27600012401030400050000BD620000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 0000BD62
Name of cardholder: [not set]
Language prefs ...: de
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: brainpoolP512r1 brainpoolP512r1 brainpoolP512r1
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: 5A79 88CB 3667 6795 A817 0DB7 CBBD AA0F 4B7C 7DD7
created ....: 2023-02-26 14:04:38
Encryption key....: 8695 C0E7 6ABC 2FFF F7CC 7D71 F8CE 04C4 D381 8C66
created ....: 2023-02-26 14:07:32
Authentication key: 1D9D 57AF C804 3C8E 1AA8 82ED 7571 DCC2 1DE7 4064
created ....: 2023-02-26 14:09:20
General key info..: [none]
The fields we are interested in:
Signature key ....: 5A79 88CB 3667 6795 A817 0DB7 CBBD AA0F 4B7C 7DD7
created ....: 2023-02-26 14:04:38
Encryption key....: 8695 C0E7 6ABC 2FFF F7CC 7D71 F8CE 04C4 D381 8C66
created ....: 2023-02-26 14:07:32
Authentication key: 1D9D 57AF C804 3C8E 1AA8 82ED 7571 DCC2 1DE7 4064
created ....: 2023-02-26 14:09:20
The creation time 2023-02-26 14:04:38 becomes 20230226T140438! (the trailing "!" freezes the faked clock at that instant instead of letting it advance).
Creating the primary key (sign)
$ gpg --faked-system-time "20230226T140438!" --expert --full-generate-key
gpg: WARNING: running with faked system time: 2023-02-26 14:04:38
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 14
Serial number of the card: D27600012401030400050000BD620000
Available keys:
(1) 3F5417680639FCEF05C54803B408B83BA496E964 OPENPGP.1 brainpoolP512r1 (cert,sign)
(2) DC81057888D07B12268226B9F136013C4D32566D OPENPGP.2 brainpoolP512r1 (encr)
(3) F66AA9329AEA6F09D69DD852BF8233DE68119AF5 OPENPGP.3 brainpoolP512r1 (sign,auth)
Your selection? 1
Possible actions for a ECDSA/EdDSA key: Sign Certify
Current allowed actions: Sign Certify
(S) Toggle the sign capability
(Q) Finished
Your selection? q
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon 26 Feb 2024 03:04:38 PM CET
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Bob MARLEY
Email address: bmarley@acme.fr
Comment:
You selected this USER-ID:
"Bob MARLEY <bmarley@acme.fr>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: directory '/home/jibe/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/jibe/.gnupg/openpgp-revocs.d/5A7988CB36676795A8170DB7CBBDAA0F4B7C7DD7.rev'
public and secret key created and signed.
pub brainpoolP512r1 2023-02-26 [SC] [expires: 2024-02-26]
5A79 88CB 3667 6795 A817 0DB7 CBBD AA0F 4B7C 7DD7
uid Bob MARLEY <bmarley@acme.fr>
Creating the subkeys
The second key
$ gpg --faked-system-time "20230226T140732!" --expert --edit-key bmarley
gpg: WARNING: running with faked system time: 2023-02-26 14:07:32
Secret key is available.
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2024-02-26
sec brainpoolP512r1/CBBDAA0F4B7C7DD7
created: 2023-02-26 expires: 2024-02-26 usage: SC
card-no: 0005 0000BD62
trust: ultimate validity: ultimate
[ultimate] (1). Bob MARLEY <bmarley@acme.fr>
gpg> addkey
Secret parts of primary key are stored on-card.
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
(14) Existing key from card
Your selection? 14
Serial number of the card: D27600012401030400050000BD620000
Available keys:
(1) 3F5417680639FCEF05C54803B408B83BA496E964 OPENPGP.1 brainpoolP512r1 (cert,sign)
(2) DC81057888D07B12268226B9F136013C4D32566D OPENPGP.2 brainpoolP512r1 (encr)
(3) F66AA9329AEA6F09D69DD852BF8233DE68119AF5 OPENPGP.3 brainpoolP512r1 (sign,auth)
Your selection? 2
Possible actions for a ECDH key: Encrypt
Current allowed actions: Encrypt
(E) Toggle the encrypt capability
(Q) Finished
Your selection? q
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon 26 Feb 2024 03:07:32 PM CET
Is this correct? (y/N) y
Really create? (y/N) y
sec brainpoolP512r1/CBBDAA0F4B7C7DD7
created: 2023-02-26 expires: 2024-02-26 usage: SC
card-no: 0005 0000BD62
trust: ultimate validity: ultimate
ssb brainpoolP512r1/F8CE04C4D3818C66
created: 2023-02-26 expires: 2024-02-26 usage: E
card-no: 0005 0000BD62
[ultimate] (1). Bob MARLEY <bmarley@acme.fr>
gpg> quit
Save changes? (y/N) y
The third key
$ gpg --faked-system-time "20230226T140920!" --expert --edit-key bmarley
gpg: WARNING: running with faked system time: 2023-02-26 14:09:20
Secret key is available.
sec brainpoolP512r1/CBBDAA0F4B7C7DD7
created: 2023-02-26 expires: 2024-02-26 usage: SC
card-no: 0005 0000BD62
trust: ultimate validity: ultimate
ssb brainpoolP512r1/F8CE04C4D3818C66
created: 2023-02-26 expires: 2024-02-26 usage: E
card-no: 0005 0000BD62
[ultimate] (1). Bob MARLEY <bmarley@belaris.fr>
gpg> addkey
Secret parts of primary key are stored on-card.
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
(14) Existing key from card
Your selection? 14
Serial number of the card: D27600012401030400050000BD620000
Available keys:
(1) 3F5417680639FCEF05C54803B408B83BA496E964 OPENPGP.1 brainpoolP512r1 (cert,sign)
(2) DC81057888D07B12268226B9F136013C4D32566D OPENPGP.2 brainpoolP512r1 (encr)
(3) F66AA9329AEA6F09D69DD852BF8233DE68119AF5 OPENPGP.3 brainpoolP512r1 (sign,auth)
Your selection? 3
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Sign Authenticate
(S) Toggle the sign capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Authenticate
(S) Toggle the sign capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon 26 Feb 2024 03:09:20 PM CET
Is this correct? (y/N) y
Really create? (y/N) y
sec brainpoolP512r1/CBBDAA0F4B7C7DD7
created: 2023-02-26 expires: 2024-02-26 usage: SC
card-no: 0005 0000BD62
trust: ultimate validity: ultimate
ssb brainpoolP512r1/F8CE04C4D3818C66
created: 2023-02-26 expires: 2024-02-26 usage: E
card-no: 0005 0000BD62
ssb brainpoolP512r1/7571DCC21DE74064
created: 2023-02-26 expires: 2024-02-26 usage: A
card-no: 0005 0000BD62
[ultimate] (1). Bob MARLEY <bmarley@belaris.fr>
gpg> quit
Save changes? (y/N) y
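The whole procedure above hinges on one detail: an OpenPGP v4 fingerprint is a hash over the public key packet, and that packet contains the creation timestamp. Regenerating the key from the card with the wrong second therefore yields a different fingerprint, and nothing signed or encrypted for the old one will match. The POSIX shell script below, an added example that is not part of the original page or of the source blog post, automates the two steps a practitioner wants: it parses `gpg --card-status` output to derive the `--faked-system-time` value and card slot for each key, and it checks, after regeneration, that every fingerprint on the card appears in the rebuilt keyring (`gpg --with-colons --fingerprint` output). Both inputs are constructed here from the card-status listing shown above; the `<uid>` placeholder and the `KEYRING` sample stand in for your real user ID and listing.

```shell
#!/bin/sh
# Added example (not from the original page). Derives gpg --faked-system-time
# values from `gpg --card-status` and verifies regenerated fingerprints.

# Constructed sample: the key section of the card-status output shown above.
CARD_STATUS=$(cat <<'EOF'
Signature key ....: 5A79 88CB 3667 6795 A817 0DB7 CBBD AA0F 4B7C 7DD7
      created ....: 2023-02-26 14:04:38
Encryption key....: 8695 C0E7 6ABC 2FFF F7CC 7D71 F8CE 04C4 D381 8C66
      created ....: 2023-02-26 14:07:32
Authentication key: 1D9D 57AF C804 3C8E 1AA8 82ED 7571 DCC2 1DE7 4064
      created ....: 2023-02-26 14:09:20
EOF
)

# Constructed sample of `gpg --with-colons --fingerprint <uid>` after recovery:
# the fpr records carry the fingerprint in field 10 (nine colons after "fpr").
KEYRING=$(cat <<'EOF'
fpr:::::::::5A7988CB36676795A8170DB7CBBDAA0F4B7C7DD7:
fpr:::::::::8695C0E76ABC2FFFF7CC7D71F8CE04C4D3818C66:
fpr:::::::::1D9D57AFC8043C8E1AA882ED7571DCC21DE74064:
EOF
)

# "2023-02-26 14:04:38" -> "20230226T140438!"  (the "!" freezes the fake clock)
to_faked_time() {
    printf '%s\n' "$1" | sed -E \
        's/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})$/\1\2\3T\4\5\6!/'
}

# Reads card-status text on stdin; prints one line per key:
#   <Signature|Encryption|Authentication> <fingerprint-no-spaces> <faked-time>
card_key_times() {
    awk '
        /^(Signature|Encryption|Authentication) key/ {
            slot = $1
            fpr = $0; sub(/^[^:]*: */, "", fpr); gsub(/ /, "", fpr)
            next
        }
        slot != "" && /created/ {
            ts = $0; sub(/^[^:]*: */, "", ts)
            gsub(/[-:]/, "", ts); sub(/ /, "T", ts)   # YYYYMMDDTHHMMSS
            print slot, fpr, ts "!"
            slot = ""
        }'
}

# $1: card-status text, $2: `gpg --with-colons --fingerprint` text.
# Returns 0 only when every card fingerprint exists in the rebuilt keyring.
verify_card_fingerprints() {
    _missing=0
    for _fpr in $(printf '%s\n' "$1" | card_key_times | awk '{print $2}'); do
        if printf '%s\n' "$2" | grep -q "^fpr:::::::::$_fpr:"; then
            echo "ok      $_fpr"
        else
            echo "MISSING $_fpr"; _missing=1
        fi
    done
    return $_missing
}

# Demo: print the recovery plan, one gpg invocation per card key, in the
# order the page uses (primary from slot 1, then addkey for slots 2 and 3).
printf '%s\n' "$CARD_STATUS" | card_key_times | while read -r slot fpr faketime; do
    case "$slot" in
        Signature)      echo "gpg --faked-system-time \"$faketime\" --expert --full-generate-key   # 14, card key 1 (cert,sign)";;
        Encryption)     echo "gpg --faked-system-time \"$faketime\" --expert --edit-key <uid>   # addkey, 14, card key 2 (encr)";;
        Authentication) echo "gpg --faked-system-time \"$faketime\" --expert --edit-key <uid>   # addkey, 14, card key 3, toggle sign off";;
    esac
done

# Post-recovery check against the (constructed) keyring listing.
verify_card_fingerprints "$CARD_STATUS" "$KEYRING"
```

Run it against real data with `gpg --card-status | card_key_times` and, once the keys are rebuilt, `verify_card_fingerprints "$(gpg --card-status)" "$(gpg --with-colons --fingerprint <uid>)"`; a `MISSING` line means the creation second or the card slot chosen for that key did not match, and the regenerated public key is not the one your correspondents have.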
