OpenPGP smartcard with offline primary key
Peter L. Smilde
peter.smilde at smilde-becker.net
Fri Apr 1 13:57:51 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Another question araised while testing my new OpenPGP smartcard:
I have an offline keysigning key and would like to add a signing and an
encryption key to it for online use, with the secret parts of the last
two on the smartcard. So I performed all step as described in the
"OpenPGP smartcard HOWTO", section "Advanced features", subsection
"Using the card only for subkeys".
At the final stage of that subsection, I have the secret signing and
encryption key on the smartcard and I have a secret keyring containing
the secret (primary) keysigning key plus the two stubs for the secret
subkeys on the smartcard.
This is OK for the offline secret keyring. But my online secret keyring
shouldn't contain the secret primary keysigning key (as before).
Removing the complete secret key (primary plus subkey stubs) from my
only keyring is not possible, because then I can't sign or decrypt with
my smartcard keys anymore.
My question: how do I get rid of my secret primary keysigning key while
still being able to use my secret signing and encrytion subkeys from the
Peter L. Smilde
Finther Strasse 6, D-55257 Budenheim, Germany
Tel: +49 6139 5325, Fax: +49 721 151517676
E-Mail: peter.smilde at smilde-becker.net, OpenPGP Key: 0xB0E4BF99
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users