Testing with card, some questions

J. Ottosson j-001 at ottosson.nu
Tue Nov 16 11:05:05 CET 2010


I have tested a little with the openpgp card v2 and have some thoughts.

First, I'm quite impressed, lightning fast delivery of the stuff and the hw seems
to work perfectly.

It took like 10s to get the reader to work, no drivers installed on this 64 bit 
2003 R2 server I was sitting on, impressive. (Thanx to the internal CCID driver 
I presume?).

I generated keys ON the card, worked without problems. I chose the option to 
save backup during generation, first question I think (even though this was a 
test key) and that worked, I guess, even though I wasn't able to decrypt the 
file afterwards, but I only spent a few seconds on that particular issue.

One thing that puzzled me afterwards is that I seem to be able to make a 
_backup_ of the onboard keys from GPA GUI, just as from any other keys.

Even more puzzling (which led me to believe that the backup just mentioned
above was not made from card?) is that after having removed the card I could 
still see the card details(!).

It appears to me that the card-generated secret key, indeed all keys, have been 
imported into the ordinary key rings somehow.

Looking at --list-keys and --list-secret-keys seems to verify that.

At which point did I merge/import the card-generated private key into the .gpg 
secret keyring? This was not something I thought I actually did, which means I 
have to verify what happened before I start using the card for real stuff :)

So what did I miss here? 

The installation used is a GPG4WIN with GnuPG 2.0.14 on a 64 bit Windows server. 
The reader is a SCR335.


