OpenPGP smartcard restore
Tristan Williams
home at tristanwilliams.com
Tue Jun 13 19:46:48 CEST 2006
On 13Jun06 18:07, zvrba at globalnet.hr wrote:
> On Tue, Jun 13, 2006 at 02:01:27PM +0100, Tristan Williams wrote:
> > I am experimenting with the OpenPGP smartcard. I have two OpenPGP smart
> > cards (smartA and smartB) and I want to verify that I can restore my
> > on-card generated private key should I lose the master card
> > (smartA). I only want to verify that I can do it - not discuss the
> > merits of on-card vs. off-card key generation.
> >
> > I start with an empty ~/.gnupg
> >
> > For smartA I have
> >
> > (1) an on-card generated key
> >
> You can stop here. In order to use card B you need to transfer the PRIVATE
> key from card A to card B. It is _impossible_ to export the private key
> under any circumstances (minus backdoors/implementation bugs in the smart-
> card software). Period. If you want to have the same private key on several
> physical cards, your only option is off-card generation, with import of the
> key afterwards.
>
>
Then it makes me wonder what is the purpose of the off-card backup
file sk_X.gpg created when the original private key was created via
the on-card method? I can appreciate there might be reasons for not
permitting export of the private key from the card but I did expect
that restoring a private key using the backup file made at key
creation time would be possible. It looks like I was wrong in that
thought.
More information about the Gnupg-users mailing list