Create backup Yubikey with identical PGP keys

Question

I've recently bought two Yubikeys Neo which I'd like to use primarily for encryption and authentification by using the smartcard feature with GnuPG. I've read a few how-to on the subject (most notably here and here) and I've managed to generate and export to the Yubikey a keyring with the 3 subkeys for signing, encrypting and authenticating. Using these, I was able en encrypt a file using my public key that I could only decrypt by pluging in the Yubikey. Great.

Now I want to duplicate this setup on the other Yubikey to act as a backup in case I lose my main device. Since gpg's "keytocard" command deletes the local keys I was only able to export the same keys to the other Yubikey by making and restoring a backup of my .gnupg directory (which doesn't seem right), and even so, when I try to decrypt my test file, gpg asks specifically for the key with some serial number and it won't decrypt with the backup key.

Is there a way to use two different Yubikeys as a backup like this? If not, what is the best way to proceed to achieve this? (meaning : keeping a backup key that I can use to decrypt my files in case I lose the main key).

score 13 · Answer 1 · answered Aug 13 '18 at 00:09

13

found this blurb which says that theres a command you can run which will essentially tell your local gpg app to scan the new card and use that instead if things gel. so in the case of using a backup card, not the worst case to run an "init" to make it work.

https://forum.yubico.com/viewtopic38a1.html?f=35&t=2400

Running

gpg-connect-agent "scd serialno" "learn --force" /bye

will update the secret key stubs for the PGP keys on the currently inserted key. So running that after key insertion will cause gpg to use the currently inserted key.

answered Aug 13 '18 at 00:09

MrTristan

239
2
3

3

This!! I've been figuring out which files in `~/.gnupg/private-keys-v1.d/` match the subkeys and deleting them. This is perfect! – jeckhart Dec 18 '18 at 01:48
Wow thanks, this works perfect for me!! – Daniel Hitzel Jan 03 '20 at 08:46
1

Thank you! This solved the problem after 1h of googling. All other solutions are bad and cumbersome. – Dennis Dyallo Apr 27 '21 at 20:50
You won't be able to use the local keys afterwards. – Myridium Jun 01 '21 at 10:55

user8675309 · Answer 2 · 2018-03-26T18:31:08.197

Instead of backing up an entire directory you can export (create a backup copy of) the key using e.g.

gpg -a -o seckey.asc --export-secret-key ABCD1234

and import it again (after moving to first card) with

gpg --import seckey.asc

GPG is asking for the specific card because after it moves the key to the card it stores a key stub on your system, which ties that key to that card. If you delete the key from gpg (e.g. gpg --delete-secret-and-public-key ABCD1234) and the reference (One of potentially many in e.g.

C:\users\someUser\AppData\Roaming\gnupg\private-keys-v1.d or

/home/someUser/.gnupg/private-keys-v1.d

) then you can insert the backup Yubikey and

gpg --card-status

to create a stub referencing that key on the second Yubikey instead of the first.

You could also just keep the exported key secure and use that as your backup, but that wasn't the question asked.

score 6 · Accepted Answer · answered Mar 15 '18 at 18:46

After a lot trial and error, I finally found a way to achieve this. Here is an answer to my own question in case it helps someone :

The trick was to not try to export the same subkeys to the two Yubikeys (gpg doesn't like that) but to generate different subkeys. In my keyring I have 6 subkeys : 3 for the main Yubikey (Sign, Encrypt, Auth) and 3 for the backup Yubikey. I exported the corresponding private keys to the Yubikeys, which this time didn't need the hack to restore a backup of .gnupg. Finally, I encrypt my files using both public keys, so I can decrypt them with either Yubikeys :

gpg -e -r [keyid1]! -r [keyid2]! [file]

Don't forget the exclamation mark at the end of each key id. Otherwise, for some reason, gpg will understand that for each recipient you want "some key in the same keyring" and will select the same key twice by default.

Now gpg will accept either private key to decrypt the file. In case of Yubikeys, it will ask you to plug the first one, and if you cancel, it will ask for the second one, so you can use either one. I specified the main key in the first -r so gpg directly ask for the main Yubikey and won't bother me with the backup one. To make things simpler, I aliased the whole gpg command with both keyids to yk_encrypt.

i applaud the creativity. I'm in the exact same situation as your original question. I would say though that this doesn't quite "feel right". i think the other answer is more "natural". if you need to use your backup, it feels ok to kill the references on your machine and pull in data from the backup as the other person mentioned — MrTristan, Aug 09 '18 at 22:21
To avoid the popup that asks for another card, I have written a script that lets you remove the key stubs for the other card. See https://github.com/rjekker/gpg-switch-card — rje, Jan 10 '19 at 23:00
To prevent subkeys from being removed from your offline .gnupg directory (it's offline, right ;)?), after keytocard make sure you quit without saving. If you use keytocard and then quit and confirm save, the subkeys are removed from local keyring and unless you have a back-up - they're now only on the yubikey without a way to get them back out. — karni, Nov 23 '19 at 18:23

score 2 · Answer 4 · answered Oct 18 '18 at 06:25

It is possible.

Generate the keys locally in your keychain. No Yubikey yet.
Export the secret keys (including master and all subkeys). (Remember the password you used to encrypt your keys, as the exported blob will be encrypted with it)
After you have the private keys exported and stored somewhere safe, keytocard each key in the edit-key menu.
Remove Yubikey 1, then enter the edit-key menu of the key you just moved.
Use the grip command to find the Keygrips of each key.
You will find a .key file for each keygrip in your ~/.gnupg/private-keys-v1.d/* folder... delete them, while being careful not to delete anything else (don't want to wipe private keys for unrelated rings)
gpg2 --import the exported private keys you made in step 2.
Now you have the private keys in your local keyring again. Insert yubikey 2 and repeat step 3.
Now here's the hard to explain part... those keygrip.key private key files basically tell gpg "this private key is in Yubikey with serial no. xxxxx" so you can't just swap cards and use either or... you have to run some commands in between swapping... which is fine since you probably won't be swapping and just want a second one for a backup... but 2 years later when you need your backup, you might trip up because you forgot about this little problem. One way to do it is to delete all the private keys via the keygrip method I showed you. Then just run gpg2 --card-edit once and it will automatically detect+connect your card to the private keys of the pubkeys in your keyring (deleting the keygrips doesn't remove the pubkeys)... or run gpg-connect-agent "scd serialno" "learn --force" /bye as MrTristan suggested to reset the card serial x private key relationship info.

Once you have entered a private key into the yubikey you can't get it out, so for one's you already made it's too late.

Also, one big glaring problem with this method: How do you know that no one is keylogging + stealing your private key backup as you are making it...

Still though, this method is better than just storing private keys on your disk. As your attack surface is reduced to the initial setup only... and any time you need to pull out your backup.

Create backup Yubikey with identical PGP keys

4 Answers4

Linked