OpenPGP smartcard restore

zvrba at globalnet.hr zvrba at globalnet.hr
Tue Jun 13 18:07:57 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Tue, Jun 13, 2006 at 02:01:27PM +0100, Tristan Williams wrote:
> I am experimenting with the OpenPGP smartcard. I have two OpenPGP smart
> cards (smartA and smartB) and I want to verify that I can restore my
> on-card generated private key should I loose the master card
> (smartA). I only want to verify that I can do it - not discuss the
> merits of on-card vs. off-card key generation.
> 
> I start with an empty ~/.gnupg
> 
> For smartA I have
> 
> (1) an on-card generated key
>
You can stop here. In order to use card B you need to transfer the PRIVATE
key from card A to card B. It is _impossible_ to export the private key
under any circumstances (minus backdoors/implementation bugs in the smart-
card software). Period. If you want to have the same private key on several
physical cards, your only option is off-card generation, with import of the
key afterwards.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEjuLdFtofFpCIfhMRA76IAJwPcBSIb0J2F07FMIwBxE/FGXso/QCcC8xq
mBs0HDxYJudS0YWpz6O9XEA=
=e9hh
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list