Link to multiple keys discussions. Fix #19. Fix #112.

drduh 2019-06-09 11:42:00 -07:00
parent 753b8e7a3b
commit 09f3822a19
1 changed files with 7 additions and 5 deletions


@ -46,7 +46,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
- [Prerequisites](#prerequisites) - [Prerequisites](#prerequisites)
- [WSL configuration](#wsl-configuration) - [WSL configuration](#wsl-configuration)
- [Remote host configuration](#remote-host-configuration) - [Remote host configuration](#remote-host-configuration)
- [Multiple keys](#Multiple-keys) - [Multiple Keys](#multiple-keys)
- [Require touch](#require-touch) - [Require touch](#require-touch)
- [Email](#email) - [Email](#email)
- [Reset](#reset) - [Reset](#reset)
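Review bot: the renamed table-of-contents entry `[Multiple Keys](#multiple-keys)` uses title case while its neighbours (`Require touch`, `Remote host configuration`, `WSL configuration`) use sentence case. The lowercase anchor is the right fix for the broken link; suggest keeping the label as `Multiple keys` so the list stays consistent, and doing the same for the section heading it points to.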
@ -1783,11 +1783,11 @@ On the remote host, type `ssh-add -l` - if you see the ssh key, that means forwa
**Note** Agent forwarding may be chained through multiple hosts - just follow the same [protocol](#remote-host-configuration) to configure each host. **Note** Agent forwarding may be chained through multiple hosts - just follow the same [protocol](#remote-host-configuration) to configure each host.
# multiple keys # Multiple Keys
GnuPG doesn't store the serial number of the first key it has seen - [#T2291](https://dev.gnupg.org/T2291). If a you want to use multiple YubiKeys with a single identity - or to replace a lost card with another, delete the GnuPG shadowed key - where the card serial number is stored (see [GnuPG #T2291](https://dev.gnupg.org/T2291)).
If a YubiKey is lost and replaced, delete GnuPG's shadowed key - where the serial number is stored. Find the `Keygrip` number of each key: Find the `Keygrip` number of each key:
```console ```console
$ gpg --with-keygrip -k $KEYID $ gpg --with-keygrip -k $KEYID
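Review bot: the new opening sentence under `# Multiple Keys` starts "If a you want to use multiple YubiKeys", with a stray "a"; suggest "If you want to use multiple YubiKeys with a single identity". The same sentence chains three clauses with " - " separators, which makes it hard to see that "where the card serial number is stored" describes the shadowed key; splitting it into two sentences (the use case, then the instruction to delete the shadowed key and why) would read more clearly. The heading is also now title case while `# Require touch` below it is sentence case.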
@ -1806,7 +1806,7 @@ sub rsa4096/0x3F29127E79649A3D 2017-10-09 [A] [expires: 2018-10-09]
Then delete all the shadow keys using their `Keygrip` number: Then delete all the shadow keys using their `Keygrip` number:
```console ```console
$ cd .gnupg/private-keys-v1.d $ cd ~/.gnupg/private-keys-v1.d
$ rm 85D44BD52AD45C0852BD15BF41161EE9AE477398.key \ $ rm 85D44BD52AD45C0852BD15BF41161EE9AE477398.key \
A0AA3D9F626BDEA3B833F290C7BCA79216C8A996.key \ A0AA3D9F626BDEA3B833F290C7BCA79216C8A996.key \
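Review bot: the changed line `$ cd ~/.gnupg/private-keys-v1.d` still hard-codes the default GnuPG home, so a reader who has set `GNUPGHOME` to another directory will not be in the keyring that `gpg --with-keygrip -k $KEYID` just listed. Suggest `cd "$(gpgconf --list-dirs homedir)/private-keys-v1.d"`. Since that directory also holds any secret keys stored on disk, a sentence before the `rm` asking the reader to check that each keygrip matches the output of the previous step would guard against deleting the wrong `.key` file.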
@ -1819,6 +1819,8 @@ Insert the new YubiKey and re-generate shadow-keys by checking card status:
$ gpg --card-status $ gpg --card-status
``` ```
See discussion in Issues [#19](https://github.com/drduh/YubiKey-Guide/issues/19) and [#112](https://github.com/drduh/YubiKey-Guide/issues/112) for more information and troubleshooting steps.
# Require touch # Require touch
**Note** This is not possible on YubiKey NEO. **Note** This is not possible on YubiKey NEO.
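Review bot: the added sentence after the `gpg --card-status` block defers "troubleshooting steps" to Issues #19 and #112 without saying what symptom should send the reader there. Suggest naming it in the sentence itself, so the reader knows whether the pointer applies to them before opening two issue threads.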