Key from smartcard to disk
Werner Koch
wk at gnupg.org
Wed Sep 21 14:17:46 CEST 2005
On Wed, 21 Sep 2005 11:49:25 +0200, Patrick Plattes said:

> this. Please tell me if my presumption is correct. The public key will
> be generated with the aid of the secret key and the secret key never

Public and secret keys are generated at the same time, thus they are called
a key pair.

> leave the card, the card must generate the pk. So it's not a missing
> feature in GnuPG instead of the OpenPGP card. Correct?

No.

We send a command "GENERATE" to the card, the card reads this
command, starts the key generation, and responds with success. Then
we send a command "READ PUBLIC KEY" and the card returns the public
key of the key pair it just generated.

Optionally we may create the *key pair* outside of the card and send
the secret key to the card using a command like "STORE SECRET KEY".

There is no command "READ SECRET KEY". The space inside the card
where the secret key is stored is for the outside world a
write-only-memory. Access to this memory is only allowed by the card
itself and through certain functions (SIGN, DECRYPT).

Salam-Shalom,

Werner
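
The command set described in the message above, modelled as an added example (not part of the original message, and not GnuPG or card firmware code). `ToyCard`, `toy_keypair` and `verify` are hypothetical names, the command strings are the ones quoted in the message, and unpadded textbook RSA stands in for the card's real signature algorithm.

```python
import hashlib
import secrets
E = 65537  # public exponent

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test for a large odd candidate n."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        if not any(pow(x, 2 ** i, n) == n - 1 for i in range(1, r)):
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % E != 1 and _is_probable_prime(p):
            return p

def toy_keypair(bits=512):
    """Textbook RSA, illustration only: returns (public (n, e), secret (n, d))."""
    p, q = _prime(bits // 2), _prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def verify(public, message, signature):
    return pow(signature, public[1], public[0]) == _digest(message)

class ToyCard:
    def __init__(self):
        self._public = self.__secret = None  # no command ever returns __secret
    def command(self, name, data=None):
        if name == "GENERATE":            # key pair is created inside the card
            self._public, self.__secret = toy_keypair()
            return "OK"
        if name == "STORE SECRET KEY":    # pair created outside, secret written in
            self._public, self.__secret = (data[0], E), data
            return "OK"
        if name == "READ PUBLIC KEY" and self._public:
            return self._public
        if name == "SIGN" and self.__secret:
            return pow(_digest(data), self.__secret[1], self.__secret[0])
        return "ERROR"  # e.g. "READ SECRET KEY": the command set has no such entry
```

The host only ever holds the public key and the signatures; a real card enforces the write-only property in hardware, which a Python object can only model.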