Public key lost

Hello to all members of this group!
Hope all are doing great.

I have configured PC login (universal second factor authentication) using a Nitrokey 3A NFC device. As per my knowledge, public keys are stored on the PC and private keys are stored on the Nitrokey.
My question is: if I lose the public key for some reason, what alternatives does Nitrokey provide to restore the public key or to log in to the PC successfully?

Thanks.

Regards,
Engr.

Hi,

If you don’t lose your Nitrokey, you can still export your public key from it.
Insert the Nitrokey into your machine, and open a terminal.

Step 1: get the KeyID as follows
gpg -K

The KeyID should resemble this:
FA0747D1980D09A949D5334B677C48537ABCFF05

Step 2: export the public key
gpg --armor --output mypublickey --export FA0747D1980D09A949D5334B677C48537ABCFF05

Step 3: inspect the file mypublickey by opening it in a text editor, like gedit or nano

The file should resemble the following:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQEFBGUxC5cBCADGBjR88Q7QT5Q5LhVcdV4sDG18Qz29PtoY+UL5xCxE7qF5iF37
Mqu04AE+A2QCtYOB1Zdcsba5yAb2j03BefdhwXu2S9lG6jJ01nOgOb8xSGhoLghn
...
+ULvR2426eIERXpcdY3S4y2HPfg8cSH+NeDnbfg=
=cn3J
-----END PGP PUBLIC KEY BLOCK-----

Hope this helps

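The manual inspection in Step 3 can also be done programmatically. The following is an added example, not part of the original posts and not Nitrokey or GnuPG code: it checks that an exported file is a complete armored public key block with a valid CRC-24 and a public-key packet first. The function names, return strings and the sample packet are assumptions made for illustration.

```python
import base64
import binascii

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
PUB = "PGP PUBLIC KEY BLOCK"
SAMPLE_PACKET = b"\x99\x00\x04demo"  # constructed: public-key packet header + dummy body, not a real key

def crc24(data: bytes) -> int:
    """CRC-24 that OpenPGP ASCII armor appends as the '=XXXX' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, label: str = PUB) -> str:
    """Hypothetical helper: wrap bytes in armor to build constructed sample input."""
    body = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN {label}-----\n\n{body}\n={crc}\n-----END {label}-----\n"

def check_public_key_export(text: str) -> str:
    """Return 'ok', or the reason the file should not be trusted as a public key backup."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines and lines[0] == "-----BEGIN PGP PRIVATE KEY BLOCK-----":
        return "private-key-block"  # wrong export: secret key material or card stubs
    if not lines or lines[0] != f"-----BEGIN {PUB}-----":
        return "not-a-public-key-block"
    if lines[-1] != f"-----END {PUB}-----" or "" not in lines:
        return "malformed-armor"  # cut-off file or missing blank separator line
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        crc = base64.b64decode(crc_line[1:], validate=True) if crc_line else None
    except binascii.Error:
        return "bad-base64"
    if crc is not None and crc != crc24(data).to_bytes(3, "big"):
        return "bad-checksum"
    if not data or not data[0] & 0x80:
        return "unexpected-packet"
    # Old-format headers keep the tag in bits 5..2, new-format headers in bits 5..0.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return "ok" if tag == 6 else "unexpected-packet"  # tag 6 = public-key packet

if __name__ == "__main__":
    print(check_public_key_export(armor(SAMPLE_PACKET)))  # constructed sample
```

A result of "ok" only shows that the file is structurally intact; it does not show that the key in it belongs to the private key on the token.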

A second factor for PC login is usually not via gpg keys, as per the example of @Daniel_k. So, be sure what setup is employed before you rely on having a working backup.

AFAIK the Nitrokey only contains the private key on the token and protects this by design.

Therefore a backup must also include the public key. Once you start on a fresh gpg installation you will need to import the public key to work again with your token.

You might be able to somehow make the token available via the keygrip you can read from the card but AFAIR this only helps to decrypt an existing message.

I think the public parameters are gone after key generation and when the key is not present on the system.