Public keys on smartcard
dshaw at jabberwocky.com
Thu Mar 31 21:39:34 CEST 2011
On Mar 31, 2011, at 3:06 PM, Astrakan wrote:
> Thank you for your quick response.
> A couple of follow-up questions:
> I'm noticing that in an "empty" gpg-installation, when I run the
> --card-edit command, gpg creates the
> keyring files (0 bytes in size) in the homedir. When I then run the
> generate command to create keys on the
> card the keyring-files grow to a couple of bytes in size (secring
> containing stubs that point to the card, right?) and
> pubring.gpg containing the public key (since I can encrypt only when the
> card is not inserted).
> So even if I generate the keys directly on the smartcard, using
> --card-edit and generate commands, do
> the actual public key key mass populate the smart card?
The card stores the parameters from the RSA algorithm (i.e. a series of numbers). Some of these numbers are considered public (and can be retrieved from the card), but this is not the same as what people generally call a "public key" in the OpenPGP/GnuPG sense. The OpenPGP public key contains those numbers in a particular format, plus the user ID(s), plus a signature for each user ID, etc.
Basically, the answer to your question is strictly speaking yes, but for practical purposes no.
> Follow-up question 2:
> If I "fetch" the public key from a keyserver, on a computer with an
> empty gpg installation, and import it,
> does that store the public key on the card or is pubring.gpg created and
That just stores the fetched key in your pubring. The card is not modified.
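
The distinction drawn in the reply above, as an added example that is not part of the original message: the RSA numbers alone yield only a Public-Key packet, while what a pubring or keyserver holds also carries User ID and signature packets. Packet layout follows RFC 4880; the modulus, timestamp, user ID and signature body are constructed sample values, and the packet walker handles only the old-format headers built here.

```python
import hashlib
import struct

# Constructed sample values (not a real key): a small modulus, the usual
# exponent, a creation timestamp and a user ID.
N, E, CREATED = 0xC7F1A35B9D2E4F61, 65537, 1301600000
USER_ID = b"Alice Example <alice@example.org>"

def mpi(x: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 Public-Key packet for RSA (algorithm ID 1)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def fingerprint(body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, 2-byte body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def packet(tag: int, body: bytes) -> bytes:
    """Old-format packet header with a 2-byte length field."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def list_tags(blob: bytes) -> list:
    """Return the packet tags in a blob of old-format packets."""
    tags, i = [], 0
    while i < len(blob):
        hdr = blob[i]
        if (hdr & 0xC0) != 0x80 or (hdr & 3) > 1:
            raise ValueError("sketch handles old-format, 1- or 2-byte lengths only")
        width = 1 << (hdr & 3)                      # 1 or 2 length octets
        length = int.from_bytes(blob[i + 1:i + 1 + width], "big")
        tags.append((hdr >> 2) & 0x0F)
        i += 1 + width + length
    return tags

# What the public RSA numbers can give you: one Public-Key packet (tag 6).
FROM_CARD_NUMBERS = packet(6, rsa_key_body(N, E, CREATED))
# What a pubring or keyserver holds: key + User ID (tag 13) + self-signature
# (tag 2). The signature body here is a placeholder, not a valid signature;
# a real one is made with the private key and binds the user ID to the key.
PLACEHOLDER_SIG = b"\x04" + b"\x00" * 16
TRANSFERABLE_KEY = FROM_CARD_NUMBERS + packet(13, USER_ID) + packet(2, PLACEHOLDER_SIG)

if __name__ == "__main__":
    print(fingerprint(rsa_key_body(N, E, CREATED)))
    print(list_tags(FROM_CARD_NUMBERS), list_tags(TRANSFERABLE_KEY))
```

The fingerprint covers the creation timestamp as well as the modulus and exponent, so the same RSA numbers packaged with a different timestamp produce a different OpenPGP key.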