... | ... | @@ -441,7 +441,8 @@ first PIN: |
|
|
This will prompt you for the current PIN. The factory default is
|
|
|
`123456` (yes, just like the combination on someone's luggage).
|
|
|
|
|
|
Also set the Admin PIN in that way:
|
|
|
You will want to also set the Admin PIN, but the default is slightly different
|
|
|
from the previous one, it is `12345678`:
|
|
|
|
|
|
gpg/card> passwd
|
|
|
gpg: OpenPGP card no. [REDACTED] detected
|
... | ... | @@ -770,18 +771,21 @@ from the backups. |
|
|
|
|
|
gpg --import $BACKUP_DIR/public.key
|
|
|
|
|
|
3. confirm GnuPG can see the secret keys:
|
|
|
3. confirm GnuPG can not see any secret keys:
|
|
|
|
|
|
gpg --list-secret-keys
|
|
|
|
|
|
you should not see any `Card serial no.`, `sec>`, or `ssb>` in
|
|
|
there. If so, it might be because GnuPG got confused and still
|
|
|
thinks the old key is plugged in.
|
|
|
you should not see any result from this command.
|
|
|
|
|
|
4. then, crucial step, restore the private key and subkeys:
|
|
|
|
|
|
gpg --decrypt $BACKUP_DIR/gnupg-backup.tar.pgp | tar -x -f - --to-stdout | gpg --import
|
|
|
|
|
|
5. confirm GnuPG can see the secret keys:
|
|
|
you should not see any `Card serial no.`, `sec>`, or `ssb>` in
|
|
|
there. If so, it might be because GnuPG got confused and still
|
|
|
thinks the old key is plugged in.
|
|
|
|
|
|
5. then go through the `keytocard` process again, which is basically:
|
|
|
|
|
|
gpg --edit-key $FINGERPRINT
|
... | ... | @@ -793,7 +797,6 @@ from the backups. |
|
|
key 1
|
|
|
keytocard
|
|
|
key 2
|
|
|
key 1
|
|
|
keytocard
|
|
|
|
|
|
At this point the new key should be a good copy of the previous
|
... | ... | |