OpenPGP 2.0 and Hushmail keys

David Shaw dshaw at jabberwocky.com
Thu Sep 10 18:17:35 CEST 2009


On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:

> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>> From what I understand Hushmail is based on OpenPGP so it should  
>> work.
> The key I have from my Hushmail account is 2048bit in length but  
> once I
> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
> anymore, any idea why?

It should work fine.  It sounds like a different sort of problem.

> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
> anyone be able to export or copy the private key (if the OpenPGP  
> card is
> NOT inserted in the reader)? Does GPG write a copy of the keys  
> anywhere
> else besides on the card?

No, but there is a stub secret key that lives in the usual secret  
keyring.  This isn't a true secret key (it does not contain the actual  
key data), but is the OpenPGP information (user IDs and other things),  
along with a pointer that says "the key is on smartcard XYZ".

So if they can get ahold of your computer, someone could steal this  
stub, but there is nothing secret about it, and it won't do them any  
good.

David




More information about the Gnupg-users mailing list