Key from smartcard to disk

Werner Koch wk at
Wed Sep 21 14:17:46 CEST 2005

On Wed, 21 Sep 2005 11:49:25 +0200, Patrick Plattes said:

> this. Please tell me if my presumption is correct. The public key will
> be generated with the aid of the secret key and the secret key never

Public and secret keys are generated at the same, thus they are called
a key pair.

> leave the card, the card must generate the pk. So it's not a missing
> feature in GnuPG instead of the OpenPGP card. Correct?


We send a command "GENERATE" to the card, the card reads this
commands, starts the key generation, and responds with success.  Then
we send a command "READ PUBLIC KEY" and the card returns the public
key of the key pari it just generated.  

Optionally we may create the *key pair* outside of the card and send
the secret key to the card using a command like "STORE SECRET KEY".

There is no command "READ SECRET KEY".  The sapce inside the card
where the secret key is stored is for the outside world a
write-only-memory.  Access to this memory is only allowed by the card
itself and through certain fucntion (SIGN, DECRYPT).



More information about the Gnupg-users mailing list