Re: Extending Expiration dates of gnupg keys with the private key residing on a smart card
On 10/04/17 10:46, Johannes Graumann wrote:
> 2) Import offline master key (backup):
> gpg --import <KEYID>.master.key
- Which version of GnuPG is this? GnuPG 1.4 will not ever update the
secret part of a key, so you'll have to delete the existing copy first.
Be very careful! You're deleting a copy of your secret key, make sure
you know what you're doing. I believe this also went for 2.0 and only
2.1 can update secret keys, but I'm not sure and can't check from the
passenger seat of the car I'm in :-D.
- Note that you are negating a large part of an offline master key by
bringing it online. Usually, you'd use a different computer to do master
key operations on, a computer that doesn't have an internet connection.
If you're worried about your computer being hacked, note it usually
won't suddenly automatically become un-hacked later, it'll just stay
hacked until reinstalled. But there is no single correct answer to this.
This has just removed all your private keys belonging to this
certificate, primary *and* subkeys.
> As a result the keys remain unavailable (expired?) to all means I
> intent to use them with (kmail/kgpg/kleopatra, evolution/seahorse,
... You /did/ just delete all keys :-).
You'll need to restore your private key from backup, and follow the
instructions you used earlier to create a subkey-only keyring.
By the way, it helps if you post the output of the commands, because we
can't see if they appear to have worked correctly. I mean the console
ones; I wouldn't start with all the effort of taking screenshots and
cropping them and uploading them to the web...