OpenPGP smartcard restore

zvrba at zvrba at
Tue Jun 13 19:47:58 CEST 2006

On Tue, Jun 13, 2006 at 06:55:17PM +0200, markus reichelt wrote:
> I'm not a smartcard user (somehow the concept hasn't been able to
> convince me ... yet), but what you write really sounds rather
> strange. Essentially you're saying: no backup of a private key
> generated on/via a smartcard cannot be exported. Because if it could
> be exported, importing the key(s) in question just works.
Modulo more advanced cryptographic modules (not smart-cards!) which allow
export of a wrapped (=encrypted) key to a file or another smart-card.
The mechanisms are complicated; you can look for example at for an example of such a device. They are both
impractical (large and non-portable) and expensive (in the range of a few
thousand EUR).

On the other hand, there are card-management systems (CMS) which generate
private keys in *their own* cryptographic module and import them securely
(over an encrypted channel) into the smart-card; the CMS saves a backup of
the key in its own database aside (again, protected by some "master key"
stored safely in the cryptographic module). Look at for concrete mechanisms.

Granted, the simplistic usage of smart-cards for encryption is a great
opportunity to shoot oneself in the foot.


More information about the Gnupg-users mailing list