OpenPGP smartcard with offline primary key

Peter L. Smilde peter.smilde at smilde-becker.net
Fri Apr 1 13:57:51 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Another question araised while testing my new OpenPGP smartcard:

I have an offline keysigning key and would like to add a signing and an
encryption key to it for online use, with the secret parts of the last
two on the smartcard. So I performed all step as described in the
"OpenPGP smartcard HOWTO", section "Advanced features", subsection
"Using the card only for subkeys".

At the final stage of that subsection, I have the secret signing and
encryption key on the smartcard and I have a secret keyring containing
the secret (primary) keysigning key plus the two stubs for the secret
subkeys on the smartcard.

This is OK for the offline secret keyring. But my online secret keyring
shouldn't contain the secret primary keysigning key (as before).

Removing the complete secret key (primary plus subkey stubs) from my
only keyring is not possible, because then I can't sign or decrypt with
my smartcard keys anymore.

My question: how do I get rid of my secret primary keysigning key while
still being able to use my secret signing and encrytion subkeys from the
smartcard?

Thanks,

- --

Peter L. Smilde
Finther Strasse 6, D-55257 Budenheim, Germany
Tel: +49 6139 5325, Fax: +49 721 151517676
E-Mail: peter.smilde at smilde-becker.net, OpenPGP Key: 0xB0E4BF99




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCTTc/FCtQzrDkv5kRAu/bAKC5LLlTvFW0BSgXosbtbsI/5rB6LQCgqDZH
ULnuLjUvbgLEyaQE6BABq2c=
=KLcQ
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list