gpg2 keytocard removes secret key

micah anderson micah at
Tue Feb 17 18:35:09 CET 2015


In the world of gpg1, there were three ways of handling smartcard secret
key material. You could generate the material on the card itself; you
could generate it on your computer and then move it to the smartcard so
it is no longer on your computer; you could generate it on your
computer, but keep the secret key material on your computer (for
whatever reason).

Obviously, some methods are better than others, for different
reasons. There are likely other methods as well.

To move the secret key material to the card, removing it from the
computer, you would simply do a 'keytocard' operation, and then quit and
save. In order to keep the secret key material on the computer, you
would do the same operation, but this time you would *not* save when you
quit. There are a number of tutorials out there that describe this step
as the way to do it.

I discovered yesterday that this third method does not work with gpg2:
when you do the 'keytocard' operation, the secret key material is
removed, and you do not have the ability to opt out of the saving process.

Was this an intentional change in gpg2? I am unsure if it is a
regression/bug, or if it was an intentional change. If it was
intentional, then it is a bit surprising for people who are coming from
the gpg1 world with the knowledge that their secret key would not be
removed (or who were following a tutorial that said this would not
happen, and then it does). While I support pushing people towards not
storing that secret key material on the PC, I think this violates the
law of least astonishment for people coming from gpg1, and the rule of
clarity ("Clarity is better than cleverness"): if this is going to make
these secret keys no longer available on your computer, without that
smartcard present, you should be told this. Perhaps a giant warning
asking you to confirm would help people not lose their secret key

Fortunately, when I was doing this, I had backups... !


More information about the Gnupg-devel mailing list
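
Added example (not part of the original post, and not GnuPG code): a small Python checker that reads `gpg --list-secret-keys --with-colons` output and reports, for each secret key and subkey, whether the material is still on disk or only on a smartcard, which is the state the post describes after 'keytocard' under gpg2. It assumes field 15 of `sec`/`ssb` records follows GnuPG's doc/DETAILS (token serial number, `#` for a stub, `+` for a locally available secret, which older releases may leave empty); the sample listing and key IDs are constructed.

```python
import sys

# Constructed sample listing (not real keys): a primary key still on disk,
# a signing subkey moved to a card, and an encryption subkey that is a stub.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1424000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1424000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1424000000::::::s:::D2760001240102000005000012340000:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1424000000::::::e:::#:::23:
"""

def classify(listing):
    """Return (record, keyid, capabilities, location) for each sec/ssb line."""
    rows = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 12:
            continue  # skip pub/uid/fpr/grp and malformed records
        token = f[14] if len(f) > 14 else ""
        if token == "+":
            where = "local"            # secret material present on this machine
        elif token == "#":
            where = "stub"             # placeholder only, no secret material
        elif token:
            where = "card:" + token    # secret lives on the token with this S/N
        else:
            where = "unreported"       # older gpg: field empty, cannot tell
        rows.append((f[0], f[4], f[11], where))
    return rows

def card_only(listing):
    """Key IDs whose secret material exists only on a smartcard."""
    return [kid for _, kid, _, where in classify(listing)
            if where.startswith("card:")]

if __name__ == "__main__":
    # Pipe real output in, or run with no pipe to see the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for rec, kid, caps, where in classify(data):
        print(f"{rec} {kid} caps={caps or '-'} -> {where}")
    lost_without_card = card_only(data)
    if lost_without_card:
        print("No on-disk copy (back up before relying on these):",
              ", ".join(lost_without_card))
```

Running it before and after 'keytocard' shows whether a key changed from `local` to `card:<serial>`, so a missing backup is noticed while the on-disk copy still exists.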