Public keys on smartcard

Astrakan gpgikaros at armax.se
Thu Mar 31 21:06:37 CEST 2011


Thank you for your quick response.

A couple of follow-up questions:
I'm noticing that in an "empty" gpg-installation, when I run the
--card-edit command, gpg creates the keyring files (0 bytes in size) in
the homedir. When I then run the generate command to create keys on the
card the keyring-files grow to a couple of bytes in size (secring
containing stubs that point to the card, right?) and pubring.gpg
containing the public key (since I can encrypt only when the card is not
inserted).

So even if I generate the keys directly on the smartcard, using
--card-edit and generate commands, does the actual public key mass
populate the smart card?


Follow-up question 2:
If I "fetch" the public key from a keyserver, on a computer with an
empty gpg installation, and import it, does that store the public key on
the card or is pubring.gpg created and populated?

/Astrakan


On 2011-03-31 16:52, Werner Koch wrote:
> On Thu, 31 Mar 2011 15:51, gpgikaros at armax.se said:
>
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> No, you don't need the internal stuff like trustdb and pubring.  Take
> the public key from a keyserver or another resource and import it.  The
> card has a convenient field to store an URL to retrieve the public key
> (actually the keyblock with user ids and signatures).  Use the "fetch"
> sub command of the --card-edit command.
>
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.
>
>
> Salam-Shalom,
>
>    Werner
>



