OpenPGP 2.0 and Hushmail keys

Sean Wilson mcse83 at hotmail.com
Thu Sep 10 18:53:25 CEST 2009


Thanks for the reply!

How do I troubleshoot the issue I am experiencing with my Hushmail keys
on the OpenPGP 2.0 card not being able to decrypt my mail?

Are you sure about what you said below regarding the stub and the
secret/private key? I just generated a test key pair on the OpenPGP 2.0
card and then removed the card from the reader. When I go into key
management in Thunderbird and select the newly created key and select
"export keys to file" it says:

Do you want to include the secret key in the saved OpenPGP key file?

So I click "Export secret keys" and it saves it to a .asc file. If I
open this in notepad it looks as follows (this is a test key so I don't
mind posting it here as it will be deleted and is for testing purposes
only):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (MingW32)
=zTSa
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (MingW32)
=Ol1j
-----END PGP PRIVATE KEY BLOCK-----


If I open my Hushmail keys in notepad it looks familiar to the test key
I have exported from key management (with the card not inserted in the
reader)!

I am battling to understand this as I thought generating a key pair on
the OpenPGP card itself was as secure as can be as your private key ONLY
exists on the card itself and is not available anywhere else (i.e. on
your hard drive for export).


David Shaw wrote:
> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
>
>> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>> From what I understand Hushmail is based on OpenPGP so it should work.
>> The key I have from my Hushmail account is 2048bit in length but once I
>> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
>> anymore, any idea why?
>
> It should work fine.  It sounds like a different sort of problem.
>
>> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
>> anyone be able to export or copy the private key (if the OpenPGP card is
>> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere
>> else besides on the card?
>
> No, but there is a stub secret key that lives in the usual secret
> keyring.  This isn't a true secret key (it does not contain the actual
> key data), but is the OpenPGP information (user IDs and other things),
> along with a pointer that says "the key is on smartcard XYZ".
>
> So if they can get ahold of your computer, someone could steal this
> stub, but there is nothing secret about it, and it won't do them any
> good.
>
> David
>
>
>
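The stub described in the reply above can be told apart from a real secret key by inspecting the exported packets. The following is an added example, not part of the original thread: it assumes the GNU S2K extension layout documented in GnuPG's doc/DETAILS (S2K type 101, the marker "GNU", then mode 1 for a dummy key or mode 2 for divert-to-card followed by the card serial), and the function names and sample bytes are constructed for illustration.

```python
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm id (RFC 4880)

def packets(data):
    """Yield (tag, body) for definite-length OpenPGP packets in binary key data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:  # new-format header
            tag, n, i = hdr & 0x3F, data[i], i + 1
            if 192 <= n < 224:
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header; length type 3 (indeterminate) is rejected
            tag, size = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[hdr & 3]
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def classify(body):
    """Return (kind, card_serial) for the body of a v4 secret key or subkey packet."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("unsupported key version or algorithm")
    pos = 6  # skip version, 4-byte creation time, algorithm id
    for _ in range(PUBLIC_MPIS[body[5]]):  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    # Layout from here: usage, cipher, S2K type, hash, "GNU", mode, [len, serial]
    if body[pos] in (254, 255) and body[pos + 2] == 101 and body[pos + 4:pos + 7] == b"GNU":
        mode = body[pos + 7]
        if mode == 1:
            return "gnu-dummy (no secret material)", None
        if mode == 2:
            n = body[pos + 8]
            return "card stub", body[pos + 9:pos + 9 + n].hex().upper()
    return "SECRET KEY MATERIAL PRESENT", None

def audit(data):
    """Classify every secret key (tag 5) and secret subkey (tag 7) packet."""
    return [classify(body) for tag, body in packets(data) if tag in (5, 7)]

# Constructed sample: tiny RSA public part, then a divert-to-card stub.
PUBLIC = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x10\x80\x01" + b"\x00\x11\x01\x00\x01"
SERIAL = bytes.fromhex("D2760001240102000000000000010000")  # constructed card serial
STUB = PUBLIC + bytes([255, 0, 101, 2]) + b"GNU" + bytes([2, len(SERIAL)]) + SERIAL
PLAIN = PUBLIC + bytes([0]) + b"\x00\x08\xff" + b"\x01\x00"  # usage 0: unprotected MPI
SAMPLE = bytes([0x94, len(STUB)]) + STUB + bytes([0x9C, len(PLAIN)]) + PLAIN
print(audit(SAMPLE))
```

The input must be binary packet data, so an armored .asc export has to be dearmored first (for example with `gpg --dearmor`) before it is passed to `audit`.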