Question on Migrating gpg Keys

Emil Lundberg lundberg.emil at gmail.com
Mon Feb 11 12:49:16 CET 2019


Hi Mark,

While you're going through the effort of re-encrypting things, I would
recommend that you create your encryption subkey outside the YubiKey
(preferably in an airgapped environment) and import it, rather than
generate it on board the YubiKey, so that you can have a backup of it*. At
least if you're using the same encryption subkey for anything other than
Pass - an alternative solution for Pass is to have the password store
encrypted with more than one subkey, but that won't help if you end up with
other things encrypted to only one subkey and lose that subkey. Just a
friendly warning. :)

*Note that you typically don't need backups of signature or authentication
subkeys, because signature verification only needs the public keys - unlike
encryption subkeys, because decryption needs the private keys to be
long-lived.

/Emil

On Sun, 10 Feb 2019 at 23:23 Jake Yip <jake.yip at ardc.edu.au> wrote:

> Hi Mark,
>
> Are you referring to re-encrypting your pass store with the new key on
> your Yubikey 5? In that case, I've managed to do that by doing
> `pass init [-p <path>] old-key-ids new-key-id`, where old-key-ids are the
> ids in .gpg-id.
>
> Hope that helps,
> Jake
>
> On Sun, Feb 10, 2019 at 11:29 PM Mark Stanhope <Mark at stanhope.org.uk>
> wrote:
>
>> Hello, first time poster.
>>
>> I have used Pass for a while using a Yubikey Neo as the store for my GPG
>> keys. The new Yubikey 5 supports 4096 keys, whilst the NEO did not
>> support above 2048 for NFC.
>>
>> So I am planning to move to the new Yubikey 5, but can't currently find
>> anything about adding or removing GPG keys from a pass git repo.
>>
>> Any suggestions are very welcome, thank you in advance.
>>
>> Mark
>>
>>
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/password-store
>>
>
>
> --
> Jake Yip
> DevOps Engineer
>