Load backup key on new Nitrokey Pro

dd4711 · May 29, 2020, 9:28am

Hello,

my Nitrokey Pro was replaced because of a defect. Now I try to move my existing key to it in linux mint but I fail

I created the key directly on the old Nitrokey and made a backup. Could someone please give me a hint how to load the privkey_NAME.asc to the new stick? I tried it with
gpg --card-edit NAME
bkuptocard PATH_TO_ASC
but I get “invalid command”

Thanks for your help!

Herve5 · May 29, 2020, 12:26pm

dd4711, have a look at this discussion, but I fear if you created the original key straight on the former key, you have no backup…
I myself didn’t try this while clearly it’s a key issue for me, but I understand that if one wants a backup, the key must be created outside of the Nitrokey then uploaded in the NK (and saved elsewhere for backup).
Maybe others more knowledgeable than I am will correct me…

szszszsz · May 29, 2020, 1:02pm

Hi @dd4711,

As @Herve5 pointed out, keys generated on-device are never backed up except for the encryption key (as opposed to misleading message from the GnuPG). In that case the key private data is lost unfortunately, sorry. The only way to have backup for a key is to generate it on PC securely, and then transfer to the device. The guide for importing the key existing on the PC is here:

https://www.nitrokey.com/documentation/openpgp-create-backup

dd4711 · May 29, 2020, 2:03pm

Hello @Herve5 , @szszszsz ,

Thanks first for your answers! Maybe my inital post is not correct.

I followed exactly the key creation as described at that documentation you linked.
I also made a backup of my keys, too:

gpg --armor --output privkey_jane@example.com.asc --export-secret-keys jane@example.com
gpg --armor --output pubkey_jane@example.com.asc --export jane@example.com
gpg --export-ownertrust > jane@example.com.txt

From that backup I have my sec Key, my pub key and additionally my revoke key. Everything I need to reload it to my new Nitrokey!? As I understand that I have to begin with step “Key Import” of that documentation?!

nitroalex · June 4, 2020, 8:38am

That is correct.
And you may need to delete the old key stub in your keyring (make sure to still have the backup of the original backup key ), because it is referencing your keys to the old Nitrokey. Then you import the pubkey, hit gpg --card-status and everything should be fine again.