0
votes

Please help me to understand how Yubikey works with GPG.

I have a key, and I moved it to the Yubikey. But before that I made a backup of my .gnupg folder.

After that, I removed the Yubikey to use it on another PC.

On the PC I removed the .gnupg folder and restored it from the backup.

So I expect that I have the same keys on my PC and on the Yubikey.

But if I encrypt something with the Yubikey, like gpg -e -r 'mykey' 123.txt

I can't decrypt it on my PC with the same key.

It says:

gpg: encrypted with RSA key, ID 3435KSLDKJFLKSJF234
gpg: decryption failed: No secret key

But I have the secret key. What happens?

1 Answer

0
votes

Yubikey stores the private keys, and thus the operations executed on the Yubikey are sign and decrypt. (The public keys can also be found on the Yubikey card, because each OpenPGP private key contains a copy of the public key.)

When you move a key to the Yubikey, the private key is removed from the GnuPG keys folder (actually only a stub remains) and it resides only on the Yubikey card. The only way to decrypt now is by using the Yubikey card.
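The practical check behind this answer is whether the keyring on the PC holds the real private part of the encryption subkey, a stub that points at a card, or nothing at all. GnuPG exposes that in field 15 of each sec/ssb record of `gpg -K --with-colons` (a token serial number for a card stub, `#` for a missing secret key, `+` or empty when the key is present locally; in the human-readable `gpg -K` output the same states show as `ssb>` and `ssb#`). The following is an added example, not code from the asker, the answerer or the GnuPG project: a small parser that classifies every secret key in such a listing and reports whether local decryption is possible. The listing it runs on is constructed; the key IDs, fingerprints, keygrips and the card serial number are made up.

```python
"""Classify secret keys in `gpg -K --with-colons` output as local, card stub, or missing.

Added example; the sample listing below is constructed and contains no real key material.
"""
import subprocess
from typing import Dict, List

# Constructed sample of `gpg -K --with-colons` output (made-up IDs and serial).
# - primary key  0123456789ABCDEF: present locally ('+' in field 15)
# - encryption subkey FEDCBA9876543210: stub pointing at a card (serial in field 15)
# - signing subkey 0011223344556677: no secret key at all ('#' in field 15)
SAMPLE_LISTING = """\
sec:u:4096:1:0123456789ABCDEF:1577836800::::::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1577836800::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1577836800::::::e:::D2760001240100000006000000010000::23:
fpr:::::::::2222222222222222222222222222222222222222:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:4096:1:0011223344556677:1577836800::::::s:::#::23:
fpr:::::::::4444444444444444444444444444444444444444:
grp:::::::::5555555555555555555555555555555555555555:
"""


def classify_secret_keys(listing: str) -> List[Dict[str, str]]:
    """Return one row per sec/ssb record with its key ID, capabilities and status.

    status is one of:
      'local'          secret key material is held by gpg-agent on this machine
      'card:<serial>'  only a stub is held; the key lives on the token with that serial
      'missing'        only a stub is held and no token is known (gpg says "No secret key")
    """
    rows = []
    for line in listing.splitlines():
        if not (line.startswith("sec:") or line.startswith("ssb:")):
            continue
        fields = line.split(":")
        keyid = fields[4]
        caps = fields[11] if len(fields) > 11 else ""
        token = fields[14] if len(fields) > 14 else ""
        if token == "#":
            status = "missing"
        elif token in ("", "+"):
            status = "local"
        else:
            status = "card:" + token
        rows.append({"record": fields[0], "keyid": keyid, "caps": caps, "status": status})
    return rows


def can_decrypt_locally(listing: str) -> bool:
    """True if at least one encryption-capable key ('e' capability) is held locally."""
    return any("e" in r["caps"] and r["status"] == "local"
               for r in classify_secret_keys(listing))


def live_listing() -> str:
    """Fetch the real listing from the local GnuPG installation (requires gpg on PATH)."""
    return subprocess.run(["gpg", "-K", "--with-colons"],
                          check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for row in classify_secret_keys(SAMPLE_LISTING):
        print(f"{row['record']} {row['keyid']} caps={row['caps']:<5} {row['status']}")
    print("local decryption possible:", can_decrypt_locally(SAMPLE_LISTING))
```

Run against the real keyring by swapping `SAMPLE_LISTING` for `live_listing()`. If the encryption subkey (capability `e`) is reported as `card:<serial>` or `missing` on the restored PC, the backup was taken after the key had already been moved to the card and only contains the stub, which is exactly the situation in which gpg reports "No secret key".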