-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two Yubikeys with unique subkeys are causing conflict #112
Comments
Its my understanding is that GPG will only encrypt for the latest encryption sub-key. See https://wiki.debian.org/Subkeys
|
That's correct - you can only encrypt to a single sub-key at a time. I recommend and use multiple identities and keys, then encrypt to all of them for redundancy. |
This is a know issue in GnuPG. I added a workaround to the documentation, use it when you want to switch from your main key to your backup key : https://github.com/drduh/YubiKey-Guide#multiple-keys |
Hi, Best regards |
I'm using two Yubikeys with identical gpg-keys, WSL and GnuPG for Windows (version 2.2.17) and I have to first kill the gpg-agent before running the command or else it will still "discover" the old Yubikey:
|
I've found this script to be quite useful: https://github.com/darconeous/shattings/blob/master/bin/gpg-card-change |
Add this to like your ~/.bashrc or ~/.zshrc to easily be able to just fix the issue by typing
|
I have 2 Yubikey 5Cs.
I followed the guide creating a master key pair. Then I created six subkeys (S E A) and put 3 of each on two Yubikeys.
When I got to the part where it asked me to encrypt and decrypt a message I put in my backup Yubikey first. It decrypted the message successfully.
When I put in my regular Yubikey and tried to decrypt the message I got an error "Please insert the card with serial number xxxxx".
Does anyone know how to resolve this issue?
The text was updated successfully, but these errors were encountered: