Public keys on smartcard

Astrakan gpgikaros at
Thu Mar 31 21:29:39 CEST 2011

Thank you very much. Now things are perfectly clear.


On 2011-03-31 21:23, David Tomaschik wrote:
> On Thu, Mar 31, 2011 at 3:06 PM, Astrakan <gpgikaros at> wrote:
>> Thank you for your quick response.
>> A couple of follow-up questions:
>> I'm noticing that in an "empty" gpg-installation, when I run the
>> --card-edit command, gpg creates the
>> keyring files (0 bytes in size) in the homedir. When I then run the
>> generate command to create keys on the
>> card the keyring-files grow to a couple of bytes in size (secring
>> containing stubs that point to the card, right?) and
>> pubring.gpg containing the public key (since I can encrypt only when the
>> card is not inserted).
>> So even if I generate the keys directly on the smartcard, using
>> --card-edit and generate commands, does
>> the actual public key mass populate the smart card?
> When you --card-edit and generate, the card generates the key
> internally and stores the (private) key on the card.  secring contains
> the stubs and pubring contains your public key data, trust data, etc.
>> Follow-up question 2:
>> If I "fetch" the public key from a keyserver, on a computer with an
>> empty gpg installation, and import it,
>> does that store the public key on the card or is pubring.gpg created and
>> populated?
>> /Astrakan
> Even doing gpg --card-status generates keyrings, as that imports the
> private key stubs.  Fetching downloads the key to the pubring file.
> The public key is NEVER stored on the card -- as Werner points out,
> the storage space on a smart card is orders of magnitude smaller than
> many users' public keys.
