Accessing the private DOs of the smartcard

Sven Radde email at
Wed Apr 9 12:46:17 CEST 2008

Hello GnuPG users,

Is there a convenient way to access the data objects of the OpenPGP 
smartcard? The best thing I know is to use "gpg --card-edit" to get at 
the PIN-protected DOs, which is cumbersome and does not give a very 
machine-friendly output...

What I am thinking of is the following:
The card with its PIN counters represents a protection against brute 
force attempts, that is not available to other software-only crypto 
applications like EncFS, Truecrypt etc. Consequently, the card PIN can 
be shorter than the overlong passphrases needed to secure those 
Now, it would be really nice to store a long passphrase into one of the 
PIN-protected data objects and have the possibility to pipe that to one 
of those applications.
This way, e.g., a Truecrypt volume would be protected by a very long 
passphrase, while the owner has the convenience of "unlocking" that 
passphrase using his/her shorter smartcard PIN.

Can this be accomplished using some scripting? Or may I suggest to add 
"--card-do1" through "--card-do4" as new commands to GnuPG which would 
print the respective string to standard output after asking for the PIN 
when applicable?

Thanks for listening :-)

More information about the Gnupg-users mailing list