Hi @jarirajari !
All the usual GnuPG commands will work, and the Nitrokey keys will be used transparently. Example cases:
- `gpg2 --detach-sign file-to-sign.txt` - file signature placed in a separate file;
- `gpg2 --verify file-to-sign.sig` - signature verification (does not require the Nitrokey; requires the public key of the signer);
- `gpg2 --encrypt file-to-encrypt.txt` - file encryption (does not require the Nitrokey; requires the public key of the recipient);
- `gpg2 --decrypt file-to-encrypt.gpg` - file decryption;
- `gpg2 --sign --encrypt --recipient Bob@nitrokey.com file-to-encrypt.txt` - sign and encrypt data for Bob;
- `gpg2 --encrypt --recipient me@altavista.com file-to-encrypt.txt` - file encryption to myself only (does not require the Nitrokey; requires the public key of the recipient).
See `gpg2 --help` for details. On some systems the command is named just `gpg`.
Regarding the first setup on a fresh system, the main public key of the material stored on the Nitrokey has to be imported, as it keeps only the secret part. It can be done by:
- using key servers - send the public key to a server (like https://keys.openpgp.org/) and then retrieve it on each fresh setup, either by hand or using GnuPG - see more at https://www.gnupg.org/gph/en/manual/x457.html;
- importing the public key from a file - the file can be created in the environment where the keys were generated;
- storing the file under your own https address, which is placed on the smart card - this will allow GnuPG to semi-automatically download the public key on use (see documentation).
Then a simple `gpg2 --card-status` will make the environment aware of your secret key's location.
Regarding general applications for the Nitrokey Start, please take a look at:
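The following script is an added example and is not part of the reply above nor Nitrokey's own material. It exercises the same GnuPG commands the reply lists (detach-sign, verify, encrypt, decrypt) and the "export the public key, import it on a fresh system" step, but with a throwaway software key in two temporary keyrings, so it runs without a card. With a Nitrokey the only difference is that the two private-key operations (`--detach-sign`, `--decrypt`) are performed on the card once `gpg --card-status` has created the key stubs; the "fresh" keyring below, which holds only the public key, shows exactly which operations work without the card and which fail. The identity `bob@example.invalid`, the file contents and the exit code 77 for "gpg not installed" are constructed for this demo.

```shell
#!/bin/sh
# Added example (not from the forum reply): GnuPG sign/verify/encrypt/decrypt
# round trip between a keyring that holds the key pair and a "fresh system"
# keyring that is given only the exported public key.  Constructed identity
# and data; exit status 0 = round trip OK, 77 = gpg not available here.

gpg_roundtrip_demo() (
    set -eu
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping" >&2; exit 77; }

    work=$(mktemp -d)
    # Stop the agents GnuPG spawns for each keyring, then remove the scratch dir.
    trap 'GNUPGHOME=$work/signer gpgconf --kill gpg-agent 2>/dev/null || true;
          GNUPGHOME=$work/fresh  gpgconf --kill gpg-agent 2>/dev/null || true;
          rm -rf "$work"' EXIT
    mkdir -m 700 "$work/signer" "$work/fresh"

    # Keyring 1: the environment where the key pair was generated.  An unprotected
    # software key stands in for the Nitrokey so the demo is non-interactive.
    export GNUPGHOME="$work/signer"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob <bob@example.invalid>' default default never

    # Export ONLY the public part: this is the file you carry to each fresh system.
    gpg --batch --quiet --armor --output "$work/bob.pub" --export bob@example.invalid

    printf 'release notes for build 42\n' > "$work/file-to-sign.txt"

    # --detach-sign needs the secret key (on the card, with a Nitrokey).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$work/file-to-sign.sig" --detach-sign "$work/file-to-sign.txt"

    # Keyring 2: a fresh system that has never seen the secret key.
    export GNUPGHOME="$work/fresh"
    gpg --batch --quiet --import "$work/bob.pub"

    # --verify needs only the signer's public key ...
    gpg --batch --quiet --verify "$work/file-to-sign.sig" "$work/file-to-sign.txt"

    # ... and so does --encrypt.  --trust-model always stands in for the trust you
    # would normally assert only after checking the fingerprint out of band.
    gpg --batch --quiet --yes --trust-model always --recipient bob@example.invalid \
        --output "$work/file-to-sign.gpg" --encrypt "$work/file-to-sign.txt"

    # Failure mode: without the secret key (or the card) --decrypt must fail,
    # and --list-secret-keys must find nothing for this identity.
    if gpg --batch --quiet --decrypt "$work/file-to-sign.gpg" >/dev/null 2>&1; then
        echo "unexpected: decrypted without the secret key" >&2; exit 1
    fi
    if gpg --batch --list-secret-keys bob@example.invalid >/dev/null 2>&1; then
        echo "unexpected: secret key present in the fresh keyring" >&2; exit 1
    fi

    # Back where the secret key lives: --decrypt works and yields the plaintext.
    export GNUPGHOME="$work/signer"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$work/file-to-sign.dec" --decrypt "$work/file-to-sign.gpg"
    cmp -s "$work/file-to-sign.txt" "$work/file-to-sign.dec"
)

rc=0
gpg_roundtrip_demo || rc=$?
echo "gpg_roundtrip_demo exit status: $rc (0 = round trip OK, 77 = gpg not installed)"
```

On a real Nitrokey setup replace the key generation with importing `bob.pub` and running `gpg --card-status` in the keyring that will use the card; `gpg --list-secret-keys` then shows the subkeys with a `>` marker (stubs pointing at the card) instead of the secret material itself, and the two private-key operations above prompt for the card PIN.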