GPG Mail: GPG Mail with 2 identical Yubikeys
I created two identical YubiKeys.
Unfortunately they differ because they have a different card no.
Using the first one with card no: 000001 when sending an e-mail works without problem.
But when I use card no 000002 and try to send an e-mail, I get the message: "Please insert card with card no: 000001"
What do I have to do so that GPG Mail recognizes the second key, which has the same PGP keys?
Expected
Should work with both keys
macOS 10.15.3 19D76
GPG Suite 2019.2 2670 (ac945f92b0)
GPG Mail 4.0 1515 (597c8f5250) Active Support Plan
GPG Keychain 1.5.1 1587 (967419866a)
GPG Services 1.12.1 1100 (2d6c8340f0)
MacGPG 2.2.17 940 (4ba83bbeda)
GPG Suite Preferences 2.2.1 1136 (378dbebf37)
Libmacgpg 1.0.1 924 (ed76f66a8a)
pinentry 1.1.0.2 16 (9b8e20e2c0)
Support Staff 1 Posted by Luke Le on 10 Feb, 2020 04:38 PM
Hi Heiko,
since they have the same UIDs (email addresses) associated, there's not really a way of knowing which one to pick. Could you try to change the default key in System Preferences › GPG Suite? That might do it (make sure to restart Mail after the change). Is there a reason why you have two almost identical keys?
2 Posted by heiko.goes on 10 Feb, 2020 05:19 PM
Hi Le.
The second YubiKey is my backup key in case the first one is not working.
I would like to make sure the second one is working with GPG Mail.
Question: How do I change the default key?
I cannot select a different Key.
I thought the problem is the pinentry on my Mac, because it prompts to insert the first key.
Support Staff 3 Posted by Luke Le on 10 Feb, 2020 06:37 PM
Do both keys show up in GPG Keychain? If not, the first step is to import the 2nd key by inserting the YubiKey and then running
gpg --card-status
If both are already shown in GPG Keychain, you should be able to set the default key in the dropdown in System Preferences > GPG Suite.
4 Posted by heiko.goes on 11 Feb, 2020 11:49 AM
Hi Le.
I think I located my problem:
I programmed my second YubiKey with the same keys as my first one.
So they have the same id.
But they don’t have the same serial number (card number).
If I understood correctly, the secret key I wrote to my second YubiKey includes the card number.
That is the reason pinentry asks for the card number of the first YubiKey.
What I wanted to achieve is: both YubiKeys should have the same PGP-Keys.
Am I correct with my analysis?
Is there a way to achieve what I would like?
Best regards from Heiko
5 Posted by heiko.goes on 11 Feb, 2020 02:37 PM
Hi Le.
I have solved the problem :-) (after reading many threads)
The gpg-agent is connected to the YubiKey's card no.
To change this connection, I inserted the second YubiKey and issued the commands:
gpg-connect-agent
scd learn --force
Best regards from Heiko
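A way to see the mismatch described in the post above before Mail prompts for the other card, as an added example that is not part of the original thread or of GPG Suite. It assumes GnuPG's colon listing format, where field 15 of a `sec`/`ssb` record holds the card AID a key stub is bound to; the function names, key IDs and AIDs are constructed for illustration.

```shell
# Added example. On a live system the two inputs would come from:
#   check_stubs "$(gpg --list-secret-keys --with-colons)" \
#               "$(gpg --card-status --with-colons)"

stub_serials() {   # $1 = colon listing; prints each distinct card AID found in key stubs
  printf '%s\n' "$1" |
    awk -F: '($1=="sec" || $1=="ssb") && $15!="" && $15!="+" && $15!="#" {print $15}' |
    sort -u
}

card_aid() {       # $1 = card-status colon output; prints the AID of the inserted card
  printf '%s\n' "$1" |
    awk -F: '{for (i = 1; i < NF; i++) if ($i == "AID") {print $(i+1); exit}}'
}

check_stubs() {    # returns 0 only when every stub points at the inserted card
  aid=$(card_aid "$2"); rc=0
  for s in $(stub_serials "$1"); do
    if [ "$s" != "$aid" ]; then
      echo "stub bound to card $s, inserted card is $aid: re-learn needed"
      rc=1
    fi
  done
  return $rc
}

# Constructed samples: stubs created while card 000001 was inserted,
# then card-status output for each of the two YubiKeys.
LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1580000000:::u:::scESC:::D2760001240103040006000000010000:
uid:u::::1580000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1580000000::::::e:::D2760001240103040006000000010000:'
CARD1='Reader:Example Reader:AID:D2760001240103040006000000010000:openpgp-card:'
CARD2='Reader:Example Reader:AID:D2760001240103040006000000020000:openpgp-card:'

check_stubs "$LISTING" "$CARD1" && echo "card 000001: stubs match"
check_stubs "$LISTING" "$CARD2" || echo "card 000002: stubs point at the other card"
```

When the check fails for the inserted card, the commands from the post above rebind the stubs to it.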
Support Staff 6 Posted by Steve on 11 Feb, 2020 10:10 PM
Hi Heiko,
thanks for the update. Great to hear you were able to find the cause of this behavior and also a solution to your initial request.
As this is currently a private discussion, I wanted to ask if it would be ok with you, to make it public. Maybe other users search the internet for the same problem and this solution might be helpful to them.
So if you let us know if that is ok, I would switch this discussion to public.
All the best,
Steve
7 Posted by heiko.goes on 12 Feb, 2020 06:12 AM
Yes Steve.
Please make it public.
And thanks for your great support.
Best regards from Heiko
Support Staff 8 Posted by Steve on 12 Feb, 2020 08:34 AM
Done. Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 12 Feb, 2020 08:34 AM.