Generating smart-card stubs on a clean computer?

Grant Olson kgo at
Wed Sep 1 05:28:48 CEST 2010

On 8/31/10 10:56 PM, Doug Barton wrote:
> On 8/31/2010 6:34 PM, Grant Olson wrote:
> | I can find docs on generating a key on a smart card, and migrating an
> | existing key to the smart card.  But I can't figure out how to configure
> | the smart card on a clean machine that never had my secret keys.
> |
> | The card has both signing and encryption keys on it.  The drivers are
> | installed.  I'm running gpg2 (via gpg4win) on a Windows XP box.
> |
> | --card-status and --card-edit work.  But if I try to sign something, I'm
> | told I don't have any secret keys.  How do I get stubs to show up in the
> | local gpg configuration?
> |
> | Does anyone know how I can do this?
> If you run 'gpg --edit-key 0xyourkeyid' does it show that the key is
> ultimately trusted? If not, edit your trust level and try again.
> Doug

I guess the issue is that I don't have a key at all on the new machine.

I thought I could run some magic command that'd load the stubs for my
smartcard keys into my secret keyring.

If I manually export the stub keys from my 'good' machine, and import
them onto the new machine, things work.  But that seems clunky.  Now I
need to carry around my smart-card, and a USB stick with the key stubs,
to configure a new machine.

If that's what I have to do, I guess that's what I have to do.  But I
thought there'd be an easier way to get things workingÍ, using nothing
but the smartcard.


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100831/5562787f/attachment.pgp>

More information about the Gnupg-users mailing list