We are working with the OpenPGP cryptocard. We will create three subkeys: an authentication key (used for things like ssh, pam/gdm/login), a signature subkey for signing things, and an encryption subkey. The first two will be generated on the card itself, and the encryption subkey will be generated on your machine, and then transferred to the card. This is vital, because as soon as you put keys on the smartcard, you cannot copy them off and if you create the encryption key on the card itself, you cannot make a backup of this key onto another medium. If the card breaks, then you are out of luck.
We are working with an existing gpg key that already has an encryption subkey which we will be replacing with this newer one that can be used on the card. But what about people who already have your key? Do not worry, we are replacing the subkey, not the primary key, which is what the general public knows about.
First a little instruction on how to know your keys.
What is your keyID? To find out do a gpg —list-keys or , it will spit out some possible matches, find the one that is yours and your keyID will be listed after the pub part of the first line, like as follows:
pub 1024D/646C2E0C 2005-03-01
In this example, the keyID is 646C2E0C.
Now you need to be able to identify the subkeys, and what kind of subkeys they are. To do that, you need to edit your keyID:
$ gpg --edit-key 646C2E0C pub 1024D/646C2E0C created: 2000-12-31 expires: never usage: SC trust: ultimate validity: ultimate sub 2048g/ABC605D5 created: 2005-03-01 expires: never usage: E
This shows one primary key (646C2E0C) and one encryption subkey (ABC605D5). You will notice here that the encryption subkey is actually a 2048 bit subkey, and the primary is a 1024, isn’t that cool. Well this subkey wont work on the OpenPGP card, because its limited to 1024 bits. But thats fine, we are going to yank that out and replace it with something else. You can do this, thats whats great about subkeys!
The steps are as follows:
1. Initialise the smartcard to reflect the key owner, change first to admin mode, and then issue the ‘name’, ‘passwd’, etc. commands. NOTE: The admin pin must be at least 8 characters, the regular pin can be any length, and it doesn’t have to be numbers.
$ gpg --card-edit Command> admin Admin commands are allowed Command> name ...
2. kill any gpg-agent that may be running, if you do not, you will get strange errors as you continue with the steps below, such as the following errors:
gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769 gpg: error clearing forced signature PIN flag: general error
3. add the authentication subkey, do this one first, even though it is listed as the last selection (supposedly some older versions of gpg have issues if you do them out of order):
$ gpg --edit-key $KEYID Command> addcardkey Please select the type of key to generate: (1) Signature key (2) Encryption key (3) Authentication key Your selection? 3 gpg: 3 Admin PIN attempts remaining before card is permanently locked Admin PIN: ******** PIN: ****** Key is protected. Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y Really create? (y/N) y gpg: existing key will be replaced gpg: please wait while key is being generated ... gpg: key generation completed (27 seconds) Command>
4. add the signature subkey by repeating the above process, but instead selecting signature (option 1).
5. Now we want to add an encryption subkey, but we want to generate it off of the card, so we can make a backup of it, and then we will push that encryption subkey to the card. NOTE: If you have a pgp key already, you might be able to push the entire thing on to the card if your key is 1024 bits and RSA, otherwise you need to make a new encryption subkey (it may be good to make a subkey anyways because…?)
6. add an encryption subkey, chose the RSA (encrypt only) option and keysize 1024 (since this is the only type and size the card supports):
Command> addkey You need a passphrase to unlock the secret key for user: "Some User <firstname.lastname@example.org>" 1024-bit DSA key, ID XXXXXXX, created 2000-05-07 Please select what kind of key you want: (2) DSA (sign only) (4) Elgamal (encrypt only) (5) RSA (sign only) (6) RSA (encrypt only) Your selection? 6 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 1024 We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++ ..+++++
7. move the encryption key above to the card:
$ gpg --edit-key $KEYID Command> toggle [this sets you into secret key mode] Command> key $NUMBER [select the encryption key above, it'll be the last one if you just generated it, and this command puts a * next to it] Command> keytocard Please select where to store the key: (2) Encryption key Your selection? 2 Command> save
After doing all this, your keys should look something like this (with your own keyids, of course):
pub 1024D/646C2E0C created: 2005-03-01 expires: never usage: CS trust: ultimate validity: ultimate sub 2048g/9E3605D5 created: 2005-03-01 expires: never usage: E sub 1024R/A8578EFE created: 2005-08-09 expires: never usage: A sub 1024R/6530037B created: 2005-08-09 expires: never usage: S sub 1024R/13EF00D0 created: 2005-08-09 expires: never usage: E
8. Backup your whole keyring! Or you might loose it all:
$ cp ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.backup $ cp ~/.gnupg/pubring.gpg ~/.gnupg/pubring.gpg.backup
9. Move secring.gpg and pubring.gpg onto a separate medium (such as an encrypted USB stick).
10. Now remove your main encryption key. This way, it will not be compromised if your computer is stolen or if somebody compromises your machine. Your encryption will be only available on your card (and wherever else you may have backed up your key to).
$ gpg --edit-key <yourkeyID> Command> key 1 pub 1024D/72FC2E0C created: 2005-03-01 expires: never usage: CS trust: ultimate validity: ultimate sub* 2048g/ABC605D5 created: 2005-03-01 expires: never usage: E sub 1024R/A8578EFE created: 2005-08-09 expires: never usage: A sub 1024R/2FA0037B created: 2005-08-09 expires: never usage: S sub 1024R/FEFF00D0 created: 2005-08-09 expires: never usage: E Command> delkey Do you really want to delete this key? (y/N) y pub 1024D/72FC2E0C created: 2005-03-01 expires: never usage: CS trust: ultimate validity: ultimate sub 1024R/A8578EFE created: 2005-08-09 expires: never usage: A sub 1024R/2FA0037B created: 2005-08-09 expires: never usage: S sub 1024R/FEFF00D0 created: 2005-08-09 expires: never usage: E Command> save
11. Now export secret subkeys to file
$ gpg --export-secret-subkeys <yourkeyID> >sub.secring
12. Now remove your secret master key from the secret keyring:
$ gpg --delete-secret-keys <yourkeyID> gpg (GnuPG) 1.4.2; Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. sec 1024D/72FC2E0C 2005-03-01 Bird Warrior <Birds@riseup.net> Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y
13. reimport your subkey stubs:
$ gpg --import sub.secring
14. Reimport your complete public keyring:
$ gpg --import .gnupg/pubring.gpg.backup
15. Your key should now look like this:
$ gpg --edit-key 72FC2E0C gpg (GnuPG) 1.4.2; Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. pub 1024D/72FC2E0C created: 2005-03-01 expires: never usage: CS trust: ultimate validity: ultimate sub 1024R/A8578EFE created: 2005-08-09 expires: never usage: A sub 1024R/2FA0037B created: 2005-08-09 expires: never usage: S sub 1024R/FEFF00D0 created: 2005-08-09 expires: never usage: E sub 2048g/ABC605D5 created: 2005-03-01 expires: never usage: E
16. Dont forget to remove sub.secring and the backups you created earlier:
$ rm sub.secring $ rm *.backup
17. Now you are going to want to make sure that you can decrypt your own files if the smartcard is lost or broken, so you want to make sure to always encrypt all your files for both of your encryption subkeys (the one on the card, and the one on your master key). To do that, you need to make a couple changes to your gpg configuration to add the encryption subkeys. Add the following lines, replaing the key IDs with the encryption subkey IDs, which are the ones listed with the ‘E’ above.
hidden-encrypt-to 0xABC605D5 default-recipient 0xFEFF00D0! default-recipient 0xABC605D5
Note: make sure you dont have ‘default-key’ and ‘encrypt-to’ set to something else in your gpg.conf
18. Now lets test it! First try encrypting a file, with the card inserted:
$ gpg -e <filename>
this will create .gpg, lets try to decrypt it:
$ gpg -d <filename>.gpg
It should be asking you for your PIN and when you enter it, it will display the encrypted contents.
Now try removing the card and then try to decrypt it again. It shouldn’t work if you actually removed your keys from your local drive and instead it will ask you to insert the card and try again. If it works, even without the card, then your secret master subkey has not been properly removed.
19. Now, test to make sure you can decrypt this file with your key, to do this we need to get gnupg to use the backup secret keyring that we have stored on the encrypted USB stick, instead of the clean keyring that we are using for the card.
To do this we must move our clean keyring out of the way:
$ mv ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.clean
Then create a symlink from the backup secring.gpg to the .gnupg directory:
$ cd .gnupg $ ln -s <path/of/backup>/secring.gpg .
Not try to decrypt the file you encrypted earlier. If you properly encrypted it to your card and your offline backup, you should be able to see the contents of the file using this secret key, without the card inserted.
Once you have verified this, return to a clean state:
$ rm ~/.gnupg/secring.gpg $ mv ~/.gnupg/secring.gpg.clean ~/.gnupg/secring.gpg
20. Now you need to get others to start using your new subkey, to do that you will need to send to the keyservers your new encryption subkey:
$ gpg --send-keys <EncryptionSubKeyID>
You can also put the make the key available on a website, or send it via email by generating a text-file representation:
$ gpg --export --armor <EncryptionSubkeyID> > publickey.asc
21. So, now you will need to go through a process of re-encrypting files that you previously have encrypted to your off-line key to be also encrypted with your smartcard subkey.
Hey you are done!
If your card is lost/stolen, then just revoke the subkeys stored on it and restart the process with a new card.
this is a great issue