Sunday, November 8, 2015

It feels a bit like a kluge...

Ubuntu needs to get off of the dime and fix their encryption packages.

I've been using Keybase and have been happy with it.  I recently acquired a GnuPG smart card (v2.1).  The problem that I ran into was that I could not transfer my existing keys to the card because they're 2048-bit.  The current gpg and gpg2 tools refuse to upload anything larger than 1024-bit keys (though v2.1 of the card can handle them).

The work-around appears to be generating the keys on the card (e.g., "gpg2 --card-edit" followed by "generate").  Short version: I had to generate new keys.  The problem with this is that you basically have to destroy and rebuild your Keybase profile.  I spent about an hour doing this (pushing the public key to Keybase, re-validating all of my sites, updating keys on other servers, etc.).

Everything appears normal (fingers crossed).