generate keys on smartcard?

Bernd Eckenfels lists at
Thu Dec 12 02:01:02 CET 2002

On Wed, Dec 11, 2002 at 02:56:18PM +0100, Werner Koch wrote:
> Even if a key was uploaded to the smartcard it won't be possible to
> retrieve it again.

Typically this feature is done to protect the user from himself. Like for
example required for the Signaturgesetz (Signature Law in Europe).

> > Will GnuPG support this possibility in the future, how long I have to wait?
> I have no estimation. It will certainly help to purchase maintenance
> points at .

I think the key generation can be triggered by (card) vendor tools, this is
not a big deal. The only thing in GPGs case would be to 

a) work with the smartcard crypto interface, which is also needed for those
smart cards which allow the key to be loaded
b) allow to generate a gpg certificate from the public key part

Possibly there is also another option needed:

c) be able to use a smart card stored certificate to validate signatures (at
least retrieve that certificate and put it in keystore)

The last option is needed, but that way a ca issued smartcard will also be
the vehicle to deliver the ca's root cert to the user.

  (OO)      -- Bernd_Eckenfels at --
 ( .. )  ecki@{,,}
  o--o     *plush*  2048/93600EFD  eckes at irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

More information about the Gnupg-devel mailing list