Public keys on smartcard

David Shaw dshaw at
Thu Mar 31 21:55:07 CEST 2011

On Mar 31, 2011, at 10:52 AM, Werner Koch wrote:

> On Thu, 31 Mar 2011 15:51, gpgikaros at said:
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> No, you don't need the internal stuff like trustdb and pubring.  Take
> the public key from a keyserver or another resource and import it.  The
> card has a convenient field to store an URL to retrieve the public key
> (actually the keyblock with user ids and signatures).  Use the "fetch"
> sub command of the --card-edit command.
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.

I've sometimes thought it would be nice to be able to keep the pubring with the smartcard, and since it can't be on the card, it could be on the reader.  There is at least one reader out there (SCM MAXX lite) that combines a SIM-sized reader with 2GB of flash storage in a single USB stick.  I haven't tried it, but it would seem to be a reasonable solution to have everything together in one place.  2GB could store a lot more than just your public keyring, too.


More information about the Gnupg-users mailing list