OpenPGP smartcard with offline primary key

Peter L. Smilde peter.smilde at
Fri Apr 1 13:57:51 CEST 2005

Hash: SHA1


Another question araised while testing my new OpenPGP smartcard:

I have an offline keysigning key and would like to add a signing and an
encryption key to it for online use, with the secret parts of the last
two on the smartcard. So I performed all step as described in the
"OpenPGP smartcard HOWTO", section "Advanced features", subsection
"Using the card only for subkeys".

At the final stage of that subsection, I have the secret signing and
encryption key on the smartcard and I have a secret keyring containing
the secret (primary) keysigning key plus the two stubs for the secret
subkeys on the smartcard.

This is OK for the offline secret keyring. But my online secret keyring
shouldn't contain the secret primary keysigning key (as before).

Removing the complete secret key (primary plus subkey stubs) from my
only keyring is not possible, because then I can't sign or decrypt with
my smartcard keys anymore.

My question: how do I get rid of my secret primary keysigning key while
still being able to use my secret signing and encrytion subkeys from the


- --

Peter L. Smilde
Finther Strasse 6, D-55257 Budenheim, Germany
Tel: +49 6139 5325, Fax: +49 721 151517676
E-Mail: peter.smilde at, OpenPGP Key: 0xB0E4BF99

Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird -


More information about the Gnupg-users mailing list