Public keys on smartcard

Astrakan gpgikaros at
Thu Mar 31 21:06:37 CEST 2011

Thank you for your quick response.

A couple of follow-up questions:
Im noticing that in an "empty" gpg-installation, when I run the
--card-edit command, gpg creates the
keyring files (0 bytes in size) in the homedir. When I then run the
generate command to create keys on the
card the keyring-files grow to a couple of bytes in size (secring
containing stubs that point to the card, right?) and
pubring.gpg containing the public key (since I can encrypt only when the
card is not inserted).

So even if I generate the keys directly on the smartcard, using
--card-edit and generate commands, do
the actual public key key mass populate the smart card?

Follow-up question 2:
If I "fetch" the public key from a keyserver, on a computer with an
empty gpg installation, and import it,
does that store the public key on the card or is pubring.gpg created and


On 2011-03-31 16:52, Werner Koch wrote:
> On Thu, 31 Mar 2011 15:51, gpgikaros at said:
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> No, you don't need the internal stuff like trustdb and pubring.  Take
> the public key from a keyserver or another resource and import it.  The
> card has a convenient field to store an URL to retrieve the public key
> (actually the keyblock with user ids and signatures).  Use the "fetch"
> sub command of the --card-edit command.
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.
> Salam-Shalom,
>    Werner

More information about the Gnupg-users mailing list