OpenPGP smartcard restore

zvrba at globalnet.hr
Tue Jun 13 20:53:19 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Tue, Jun 13, 2006 at 06:46:48PM +0100, Tristan Williams wrote:
> 
> Then it makes me wonder what is the purpose of the off card backup
> file sk_X.gpg created when the original private key was created via
> the on-card method?
>
Huh, according to the OpenPGP card specification v1.1, the GENERATE KEY
command returns only the public part of the key. If the backup file really
contains the private key, then the key is _not_ generated on the card,
even though you believe that it is. Look for yourself here:

http://g10code.com/docs/openpgp-card-1.1.pdf

in section 7.2.11 on page 38.

Have you checked what is inside the "backup" file?

Of course, I might be wrong, but publicly available sources seem to say
that I'm right. I tried to dig into the GnuPG source to see what is really
happening, but it's too large :/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEjwmfFtofFpCIfhMRA+O8AJwNTSdBzCBGPmJX6Sh6XqzJejTYLACdEfVI
PdagoBhaeMOdwjq1AfYR0D4=
=0vOZ
-----END PGP SIGNATURE-----
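
One way to answer the question of what is inside the backup file, as an added example that is not part of the original message or of GnuPG's code: walk the OpenPGP packets and report whether a secret-key packet carries private key material or only a GnuPG card stub. It assumes binary (not ASCII-armored) input and v4 RSA keys; `inspect`, `classify`, `sample_packet` and the sample bytes are constructed for illustration.

```python
SECRET_TAGS = (5, 7)  # secret key, secret subkey (RFC 4880 section 4.3)

def packets(data):
    """Yield (tag, body) for each packet in binary OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = 0 if ltype == 3 else 1 << ltype
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        yield tag, data[i:i + length]
        i += length

def classify(body):
    """Say what a v4 RSA secret-key packet body holds after its public part."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        return "unsupported key version or algorithm"
    i = 6                                    # version + 4-byte time + algorithm
    for _ in range(2):                       # skip public MPIs n and e
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    # GnuPG stub: S2K usage 254/255, cipher, S2K type 101, hash, b"GNU", mode
    if body[i] in (254, 255) and body[i + 2] == 101 and body[i + 4:i + 7] == b"GNU":
        return "stub only (mode %d)" % (1000 + body[i + 7])
    return "private key material"

def inspect(data):
    return [(tag, classify(body) if tag in SECRET_TAGS else "no secret part")
            for tag, body in packets(data)]

def sample_packet(tag, tail):                # constructed data, not a real key
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x09\x01\x01" + b"\x00\x02\x03" + tail
    return bytes([0x80 | tag << 2, len(body)]) + body

SAMPLE_REAL = sample_packet(5, b"\x00\x00\x03\x05")            # usage 0: cleartext MPI
SAMPLE_STUB = sample_packet(5, bytes([255, 0, 101, 2]) + b"GNU\x02")
```

Pass the raw bytes of the file to `inspect()`; a result of "private key material" for tag 5 or 7 means the file holds a private key (encrypted or not), while mode 1002 marks a stub that only points at the card.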


