Mailing List Archive

GnuPG card && using the backup secret key
Please note: I have changed the Subject: of the thread to match better
the real problem.

During generating the keys on the GnuPG card, one can (and should)
create some backup of the secret key into a file. It is totally unclear
to me how to make something useful out of this file, for example import
it into a "normal" secret keyring to use it in case of the GnuPG card
gets lost.

I followed some hints of Damien Goutte-Gattat (thanks) and did:

> > First, remove the private key stubs:
> >
> > $ rm ~/.gnupg/private-keys-v1.d/*.key
> >
> > Then, import your backup:
> >
> > $ gpg2 --import backup.gpg
> >
> > You will then be prompted for the passphrase you choose when the backup
> > was created.
>
> I did what you suggested, but:
>
> $ pwd
> /home/guru/.gnupg-test
> $ rm -f private-keys-v1.d/*.key
> $ GNUPGHOME=/home/guru/.gnupg-test export GNUPGHOME
> $ gpg2 --import sk_61F1ECB625C9A6C3.gpg
> gpg: key 61F1ECB625C9A6C3: no user ID
> gpg: Total number processed: 1
> gpg: secret keys read: 1
> $ ls -l sk_61F1ECB625C9A6C3.gpg
> -r-------- 1 guru wheel 1865 May 14 20:29 sk_61F1ECB625C9A6C3.gpg
>
> the file is what was written as backup on May 14.
>

With Don Google I found this older thread in this mailing list here:

https://lists.gt.net/gnupg/users/40851

where Werner said after some (today outdated) hints:

«...
Put a "disable-scdaemon" into gpg-agent.conf, give gpg-agent a HUP and
check that no scdaemon is running anymore (you may just kill it). Then
use "gpg --no-use-agent --edit-key". The command "bkuptocard" may then
be used to store a backup key on a card.

Yes, we really need a howto on recovering smartcard keys. ...»

Was such a howto ever written?

Thanks

matthias

--
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/, +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Re: GnuPG card && using the backup secret key
Hi Matthias,

On 12.06.2017 at 20:12, Matthias Apitz wrote:
>
> Please note: I have changed the Subject: of the thread to match better
> the real problem.
>
> During generating the keys on the GnuPG card, one can (and should)
> create some backup of the secret key into a file. It is totally unclear
> to me how to make something useful out of this file, for example import
> it into a "normal" secret keyring to use it in case of the GnuPG card
> gets lost.

AFAIK the "backup process" during key creation for the OpenPGP smartcard
is a bit different: There is no interface / function on the card to
export a key. Therefore, if you decide to create a backup, a key is
first created on the host and *then* transferred onto the card.
At least that's my understanding of it.

When we developed the paper backup tool
(https://github.com/intra2net/paperbackup/blob/master/README.md)
we created several keys on the host machine, transferred the key
to the card and created a backup on paper.

During this process we also tested the restore of a card,
it worked just fine. Basically you re-import a private key from file
and tell gpg2 to move it to the card with the --edit-key command.

btw: If you create the keys on a preferably air-gapped machine,
there's the "scdrand" tool to feed the kernel random pool with random
numbers generated by the hardware RNG of the OpenPGP card.
We used this script:

------------------------------
#!/bin/bash
set -u

# Only root may write to the kernel entropy pool.
if [ "$(whoami)" != "root" ]; then
    echo "Must be root (only root can add entropy to the kernel)"
    exit 1
fi

# Talking to the card starts scdaemon, which scdrand needs.
echo "Activating scdaemon"
gpg2 --card-status

# Drain the current pool so the contribution of the card RNG is visible.
current_bytes=$(( $(cat "/proc/sys/kernel/random/entropy_avail") / 8))
echo "Emptying existing kernel random pool ($current_bytes)"
dd if=/dev/random of=/dev/null bs=1 count="$current_bytes"

echo "Starting scdrand with:"
echo " - sleep time 2s"
echo " - continuously add 128 random bytes from smartcard"

# Locally built scdrand binary: loop every 2 seconds, 128 bytes per round.
./scdrand.f25 -l -i 2 128 &

sleep 3
watch -n 1 cat "/proc/sys/kernel/random/entropy_avail"
------------------------------


Cheers,
Thomas
Re: GnuPG card && using the backup secret key
On Mon, 12 Jun 2017 20:12, guru@unixarea.de said:

> create some backup of the secret key into a file. It is totally unclear
> to me how to make something useful out of this file, for example import
> it into a "normal" secret keyring to use it in case of the GnuPG card

To try it you best insert a new or scratch card. Make sure your
_public key_ exists. Then run

gpg --edit-key YOURKEY

and at the prompt enter

bkuptocard FILENAME

the FILENAME is the sk_foo file. You will then be asked where to store
the key on the card (Signing, encryption, or authentication key).


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by federal law.
Re: GnuPG card && using the backup secret key
On Tuesday, June 13, 2017 at 11:52:46 AM +0200, Thomas Jarosch wrote:

> > Please note: I have changed the Subject: of the thread to match better
> > the real problem.
> >
> > During generating the keys on the GnuPG card, one can (and should)
> > create some backup of the secret key into a file. It is totally unclear
> > to me how to make something useful out of this file, for example import
> > it into a "normal" secret keyring to use it in case of the GnuPG card
> > gets lost.
>
> AFAIK the "backup process" during key creation for the OpenPGP smartcard
> is a bit different: There is no interface / function on the card to
> export a key. Therefore, if you decide to create a backup, a key is
> first created on the host and *then* transferred onto the card.
> At least that's my understanding of it.

Hi Thomas,

Thanks for your posting, but now I'm really confused. The howto about
the card in https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
says:

...
3.3.2. Generating keys

To generate a key on the card enter generate. You will be asked if you would like to make an off-card copy of the encryption key. It is useful to say yes here.
Note

Without a backup you will not be able to access any data you encrypted
with the card if it gets lost or damaged.
...


and as well in the dialog of the key creation on the card it said:

...
Please enter a new passphrase to export it.
Frase contraseña: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Repeat:
gpg: Note: backup of card key saved to '/home/guru/.gnupg/sk_61F1ECB625C9A6C3.gpg'
gpg: /home/guru/.gnupg/trustdb.gpg: trustdb created
gpg: key 47CCF7E476FE9D11 marked as ultimately trusted
gpg: directory '/home/guru/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/guru/.gnupg/openpgp-revocs.d/5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11.rev'
public and secret key created and signed.

gpg/card> quit
...



>
> When we developed the paper backup tool
> (https://github.com/intra2net/paperbackup/blob/master/README.md)
> we created several keys on the host machine, transferred the key
> to the card and created a backup on paper.
>

I will have a look into the paper backup tool; sounds handy.

Thx

matthias



--
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/, +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Re: GnuPG card && using the backup secret key
On 13.06.2017 at 12:20, Matthias Apitz wrote:
>> AFAIK the "backup process" during key creation for the OpenPGP smartcard
>> is a bit different: There is no interface / function on the card to
>> export a key. Therefore, if you decide to create a backup, a key is
>> first created on the host and *then* transferred onto the card.
>> At least that's my understanding of it.
>
> Thanks for your posting, but now I'm really confused. The howto about
> the card in https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
> says:
>
> ...
> 3.3.2. Generating keys
>
> To generate a key on the card enter generate. You will be asked if you would like to make an off-card copy of the encryption key. It is useful to say yes here.
> Note
>
> Without a backup you will not be able to access any data you encrypted
> with the card if it gets lost or damaged.
> ...
just checked the source code: If you want a backup of the key,
the "want_backup" variable is set. This later on translates
to the "card_backup_key" variable.

---keygen.c---
/*
* Generate a keypair (fname is only used in batch mode) If
* CARD_SERIALNO is not NULL the function will create the keys on an
* OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
* NOT NULL, the encryption key for the card is generated on the host,
* imported to the card and a backup file created by gpg-agent. If
* FULL is not set only the basic prompts are used (except for batch
* mode).
*/
void
generate_keypair (ctrl_t ctrl, int full, const char *fname,
                  const char *card_serialno, int card_backup_key)
---keygen.c---


-> so yes, if you want a backup, the key is created on the host.
Security wise it would be bad if the card has a function to extract
a key from it and there's a bug that could somehow trigger this function.

Also it does not make a big difference if the key is created
on the host or on the card if it ends up on the host anyway :)

Maybe the documentation needs to clarify the situation a bit.

Cheers,
Thomas
Re: GnuPG card && using the backup secret key
On Tuesday, June 13, 2017 at 11:58:51 AM +0200, Werner Koch wrote:

> On Mon, 12 Jun 2017 20:12, guru@unixarea.de said:
>
> > create some backup of the secret key into a file. It is totally unclear
> > to me how to make something useful out of this file, for example import
> > it into a "normal" secret keyring to use it in case of the GnuPG card
>
> To try it you best insert a new or scratch card. Make sure your
> _public key_ exists. Then run
>
> gpg --edit-key YOURKEY
>
> and at the prompt enter
>
> bkuptocard FILENAME
>
> the FILENAME is the sk_foo file. You will then be asked where to store
> the key on the card (Signing, encryption, or authentication key).
>

I tried (~/.gnupg-test is a copy of my normal GNUPGHOME):

$ cd .gnupg-test/
$ GNUPGHOME=`pwd`
$ env | grep GNU
GNUPGHOME=/home/guru/.gnupg-test

$ ls -l sk_61F1ECB625C9A6C3.gpg
-r-------- 1 guru wheel 1865 May 14 20:29 sk_61F1ECB625C9A6C3.gpg

$ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg
gpg (GnuPG) 2.1.19; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: key "sk_61F1ECB625C9A6C3.gpg" not found: No public key

$ gpg2 --import ../GnuPG/ccid--export-key-guru.pub
gpg: key 47CCF7E476FE9D11: "Matthias Apitz (GnuPG CCID) <guru@unixarea.de>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

The file "ccid--export-key-guru.pub" was created from the card with:

$ gpg2 --export --armor > ccid--export-key-guru.pub

matthias

--
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/, +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Re: GnuPG card && using the backup secret key
Matthias Apitz [2017-06-13 12:51:01+02] wrote:

> $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg

Command --edit-key edits a key in your keyring. I'd guess that you want
to import keys:

gpg2 --import sk_61F1ECB625C9A6C3.gpg

Then you can edit them with --edit-key.

--
/// Teemu Likonen - .-.. <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
Re: GnuPG card && using the backup secret key
On Tuesday, June 13, 2017 at 02:30:05 PM +0300, Teemu Likonen wrote:

> Matthias Apitz [2017-06-13 12:51:01+02] wrote:
>
> > $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg
>
> Command --edit-key edits a key in your keyring. I'd guess that you want

I did 1:1 what Werner suggested;

> to import keys:
>
> gpg2 --import sk_61F1ECB625C9A6C3.gpg

This is not working as I said yesterday:

$ gpg2 --import sk_61F1ECB625C9A6C3.gpg
gpg: key 61F1ECB625C9A6C3: no user ID
gpg: Total number processed: 1
gpg: secret keys read: 1

Btw: the publickey is there:

gpg2 --list-keys
/home/guru/.gnupg-test/pubring.kbx
----------------------------------
pub rsa4096 2017-05-14 [SC]
5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
uid [ultimate] Matthias Apitz (GnuPG CCID) <guru@unixarea.de>
sub rsa4096 2017-05-14 [A]
sub rsa4096 2017-05-14 [E]
...

--
Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/, +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
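The "no user ID" message in the import above is what gpg prints when a file carries key material but no user ID packet. The script below is an added example, not code from this thread or from GnuPG: it walks the OpenPGP packet headers (RFC 4880 section 4.2, old and new format) of such a file and reports which packet types are present, without importing or decrypting anything, so one can see what an sk_*.gpg backup contains before touching a keyring. The SAMPLE bytes are constructed (a tag-5 secret key header around a dummy body), not a real backup; pass the path of a real backup file as the first argument to inspect that instead.

```python
"""List the OpenPGP packets in a GnuPG card backup file (added example)."""
import sys

# Packet tags from RFC 4880 section 4.3 that matter for a key backup.
TAG_NAMES = {
    2: "signature",
    5: "secret key",
    6: "public key",
    7: "secret subkey",
    13: "user ID",
    14: "public subkey",
}


def parse_packets(data: bytes):
    """Return [(tag, body_length)] for every packet in a binary OpenPGP stream."""
    packets = []
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"byte {i}: 0x{ctb:02x} is not a packet header")
        i += 1
        if ctb & 0x40:  # new-format header: tag in low 6 bits, variable length field
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 2..5, length type in bits 0..1
            tag = (ctb >> 2) & 0x0F
            lentype = ctb & 0x03
            if lentype == 3:
                length = len(data) - i  # indeterminate length: runs to end of input
            else:
                nbytes = 1 << lentype  # 1, 2 or 4 length octets
                length = int.from_bytes(data[i:i + nbytes], "big")
                i += nbytes
        if i + length > len(data):
            raise ValueError(f"packet tag {tag} claims {length} bytes past end of data")
        packets.append((tag, length))
        i += length
    return packets


def describe(data: bytes) -> dict:
    """Summarize a stream: packet types present, and whether a user ID or secret key is there."""
    packets = parse_packets(data)
    tags = [tag for tag, _ in packets]
    return {
        "packets": [(TAG_NAMES.get(tag, f"tag {tag}"), length) for tag, length in packets],
        "has_user_id": 13 in tags,
        "has_secret_key_material": any(tag in (5, 7) for tag in tags),
    }


# Constructed sample, not a real key: 0x95 = 0b1001_0101 is an old-format header
# for tag 5 (secret key) with a two-octet length, here 0x012C = 300 dummy bytes.
# A real sk_ file has the same framing around passphrase-protected key material.
SAMPLE = bytes([0x95, 0x01, 0x2C]) + b"\x00" * 300

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    info = describe(blob)
    for name, length in info["packets"]:
        print(f"{name:14s} {length:6d} bytes")
    print("user ID packet present:", info["has_user_id"])
    print("secret key material present:", info["has_secret_key_material"])
```

The parser only reads framing; the key material inside the packet stays protected by the passphrase chosen at backup time. A backup that shows secret key material and no user ID is exactly what --import will then report as "no user ID" and "secret keys read: 1".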
Re: GnuPG card && using the backup secret key
On 13/06/17 12:51, Matthias Apitz wrote:
> $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg

Unfortunately you got lost in the advice from multiple people :-).

This file sk_... is not a public key. It is just the backup of the
material that is in one of the slots of the card.

When Werner said "make sure your public key exists", he meant you should
perhaps import the file created with:

> $ gpg2 --export --armor > ccid--export-key-guru.pub

So:

Let's not use a temporary homedir. There have been some changes lately
regarding locating the agent and scdaemon with a changed homedir. I
don't know off the top of my head what the current situation is. GnuPG
getting confused about its homedir is a great way to make you confused
as well.

However, *backup your homedir*. If all goes awry, you can restore from
backup.

And do you have a spare OpenPGP card? Don't use your OpenPGP card with
the keys on it! Or else you'll get "I tried to be prudent and test my
backup, my backup wasn't good and it trashed my card. I now need a
backup to restore my card. Hmmmm."

Since you are using your normal GnuPG installation to do this operation,
the public key is already available! If you do start from scratch, first do:

$ gpg2 --import ccid--export-key-guru.pub

Then do:

$ gpg2 --edit-key 47CCF7E476FE9D11

You don't specify a filename to --edit-key, you specify a key in your
keyring. In your original post, one can see that you could have also done:

$ gpg2 --edit-key Matthias

but this would fail as soon as you import another Matthias's key or you
generate a second key for yourself, since GnuPG wouldn't know which key
you meant.

And then at the prompt enter:


*But do this to a scratch card*! Direct GnuPG to put it in the
Encryption slot.

Now that card holds another copy of your key. What I don't know is
whether this will also tell GnuPG to look for this key on the new card
from now on. Actually, that would be a good way to really test the
backup, but that shouldn't be necessary. If it is the case and GnuPG
asks for that new card any time you want to decrypt, proceed as follows:

- Determine the keygrip of your encryption key.

$ gpg2 --with-keygrip -k 47CCF7E476FE9D11

For me, the output is as follows:

> pub rsa2048 2009-11-12 [C] [expires: 2017-10-19]
> 8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E
> Keygrip = 13790148EEE34BC5140DD31B6F95EABA8A19E419
> uid [ultimate] Peter Lebbing <peter@digitalbrains.com>
> sub rsa2048 2009-11-12 [S] [expires: 2017-10-19]
> Keygrip = 46E61BB13BF429980D89B6B7BDE0F70E55E41A03
> sub rsa2048 2009-11-12 [E] [expires: 2017-10-19]
> Keygrip = A9C7C73653BEDAF478E4956FCF4C3AFC7CB9A00C
> sub rsa2048 2009-12-05 [A] [expires: 2017-10-19]
> Keygrip = 2DD5CC89FE601845C8C4F74F9643724A08D878FD

My encryption subkey has the keygrip
A9C7C73653BEDAF478E4956FCF4C3AFC7CB9A00C.

- Delete the smartcard key stub:

$ rm ~/.gnupg/private-keys-v1.d/<keygrip>.key

- Insert your regular smartcard, the one which also holds the SC and A key.

- Execute:

$ gpg2 --card-status

Now GnuPG will once again pick up the E key on your regular card.

Finally, if you want to remove the restored backup from the new/scratch
OpenPGP card, do (with that scratch card in the reader):

$ gpg2 --card-edit
gpg/card> admin
gpg/card> factory-reset

That should be it.

At some point earlier you deleted a file from
~/.gnupg/private-keys-v1.d/. If you deleted the wrong one, you'll be
very glad you made that backup of the directory. Restore from backup.
Since the backup was made before you started fiddling with stuff, if you
restore the whole .gnupg directory, it will automagically restore the
correct situation you started out with, and it will ask for your regular
card, not the new one.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
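To make the keygrip step above less error-prone, here is an added example (not Peter's code and not part of GnuPG) that parses the output of `gpg2 --with-keygrip -k`, returns the keygrip of the [E] subkey, builds the path of its stub in private-keys-v1.d, and checks that a file really is a smartcard shadow stub before anything is deleted, since removing a file that holds real key material instead of a stub is the mistake Peter warns about. The listing it parses is the one Peter posted; the default home directory and the constructed stub bytes are assumptions.

```python
"""Find the encryption subkey's keygrip and its stub file (added example)."""
import os
import re

# Key lines look like "pub rsa2048 2009-11-12 [C] [expires: ...]" or "sub ... [E]".
KEY_LINE = re.compile(r"^\s*(pub|sub)\s+\S+\s+\S+\s+\[([A-Z]+)\]")
# The keygrip is printed on its own line below the key or fingerprint line.
GRIP_LINE = re.compile(r"^\s*Keygrip\s*=\s*([0-9A-F]{40})\s*$")


def keygrips_by_usage(listing: str) -> dict:
    """Map each usage letter (C, S, E, A) to the keygrips that carry it."""
    result = {}
    pending = None  # usage flags of the key line whose Keygrip line comes next
    for line in listing.splitlines():
        m = KEY_LINE.match(line)
        if m:
            pending = m.group(2)
            continue
        g = GRIP_LINE.match(line)
        if g and pending is not None:
            for flag in pending:
                result.setdefault(flag, []).append(g.group(1))
            pending = None
    return result


def encryption_keygrip(listing: str) -> str:
    """Return the keygrip of the one encryption-capable key; refuse to guess if ambiguous."""
    grips = keygrips_by_usage(listing).get("E", [])
    if len(grips) != 1:
        raise ValueError(f"expected exactly one [E] key, found {len(grips)}: {grips}")
    return grips[0]


def stub_path(keygrip: str, homedir: str = "~/.gnupg") -> str:
    """Path of the private-keys-v1.d file for a keygrip (default homedir is an assumption)."""
    return os.path.join(os.path.expanduser(homedir), "private-keys-v1.d", keygrip + ".key")


def is_card_stub(contents: bytes) -> bool:
    """True if a private-keys-v1.d file is a smartcard shadow stub, not real key material.

    GnuPG stores card-backed keys as a canonical S-expression whose first token
    is "shadowed-private-key"; real keys use "private-key" or
    "protected-private-key". Only a shadow stub is safe to delete.
    """
    return b"shadowed-private-key" in contents[:256]


# The listing Peter posted in the thread, without the quote prefix.
SAMPLE_LISTING = """\
pub rsa2048 2009-11-12 [C] [expires: 2017-10-19]
8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E
Keygrip = 13790148EEE34BC5140DD31B6F95EABA8A19E419
uid [ultimate] Peter Lebbing <peter@digitalbrains.com>
sub rsa2048 2009-11-12 [S] [expires: 2017-10-19]
Keygrip = 46E61BB13BF429980D89B6B7BDE0F70E55E41A03
sub rsa2048 2009-11-12 [E] [expires: 2017-10-19]
Keygrip = A9C7C73653BEDAF478E4956FCF4C3AFC7CB9A00C
sub rsa2048 2009-12-05 [A] [expires: 2017-10-19]
Keygrip = 2DD5CC89FE601845C8C4F74F9643724A08D878FD
"""

# Constructed stub bytes, truncated: only the leading token matters for the check.
SAMPLE_CARD_STUB = b"(20:shadowed-private-key(3:rsa(1:n"
SAMPLE_REAL_KEY = b"(21:protected-private-key(3:rsa(1:n"

if __name__ == "__main__":
    grip = encryption_keygrip(SAMPLE_LISTING)
    path = stub_path(grip)
    print("encryption keygrip:", grip)
    print("stub file:", path)
    if os.path.exists(path):
        with open(path, "rb") as fh:
            print("is a card stub, safe to remove:", is_card_stub(fh.read()))
```

Run it with the real listing piped in from `gpg2 --with-keygrip -k KEYID` in place of SAMPLE_LISTING and inspect the stub before running the `rm` from the procedure above; if `is_card_stub` returns False, the file is not a card stub and should be left alone.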