Can't get Fellowship card to work

Sean Wilson mcse83 at hotmail.com
Mon Sep 7 18:41:49 CEST 2009


I think I should provide a bit more information about my setup; I am
REALLY confused now (lol):

Vista Home Premium with SP2
Thunderbird 2.0.0.23
Enigmail 0.96.0
SCR3340 ExpressCard Reader
OpenPGP 2.0 smart card
GPG 1.4.10

Currently I subscribe to Hushmail for my email. I use
Thunderbird/Enigmail/GPG to be able to send/receive encrypted/signed PGP
email using their service. I have been doing this for about 2 years now
and I keep the private key on my laptop's (encrypted) drive.

After much reading about the OpenPGP 2.0 card I knew I had to have one
;-)) So I bought one the week it was released.

I have been playing around with the card today as I have the day off
work but it seems to have me lost as to how it works.

I generated a test key pair on the OpenPGP card. My understanding of the
reason for doing this was that it was the most secure way as the private
key never touches your hard drive and it's ONLY present on the OpenPGP
card (which you can only access with the correct PIN).

Here's where I am confused. When I go into "Key Management" in Thunderbird
(under the OpenPGP menu) I can see my new key pair listed there even if
I remove the OpenPGP card from the reader?! Also, if the card's removed
from the reader, I can right click the new key pair in "Key Management"
and select "Export keys to file" and it even saves the secret key to the
file on my hard drive!!! I thought the whole point of having the key
generated ON the OpenPGP card was so that it was secure (by never being
on the hard drive)? What's the point if I can save a copy of it from "Key
Management" WHILE the OpenPGP card is not in the reader?

The other thing is, how do I know when I look at my private keys in
"Key Management" which ones are on the OpenPGP card and which ones are
stored locally on my hard drive? When I sign/encrypt a test email I
don't know for sure if it's using the private key off the hard drive or
OpenPGP 2.0 card.

If anyone can shed some light on this I would greatly appreciate it! I
really want to store my Hushmail 2048-bit private key on the OpenPGP 2.0
card and access it via the PIN only rather than use the current way I
have it configured (i.e. private key stored locally on hard drive with no
smart card). I thought it would be as easy as copying the Hushmail
private key onto the OpenPGP 2.0 card and telling Thunderbird to use the
private key from the smart card rather than the hard drive key...

On another note, is it possible to completely erase all keys on the
OpenPGP 2.0 card once I have finished testing them?

Thank you.


