restoring SmartCard key with off-card copy

Laurent Jumet laurent.jumet at
Wed Oct 5 11:31:37 CEST 2011

Hello Peter !

Peter Lebbing <peter at> wrote:

> AFAIK, if you create a smartcard key with backup file, this is pretty much
> equivalent: the key is created off-card by GnuPG, and uploaded to the card.
> Only when you choose the option to create a smartcard key without backup
> file will it get generated on card. I concluded this from reading the
> OpenPGP Card spec: I don't see a possibility to generate an on-card key and
> have the secret key material for the backup file, so the only possibility I
> see is that the key is generated by GnuPG and then uploaded to the card.

    In my opinion, a key-to-card key should *never* have an existent backup.
    The purpose of cards is "one man"/"one card", as the card is supposed to identify the man for all purposes. If a backup exists somewhere, that means that *another card* could be emitted, and *another man* than you is walking somewhere and acting exactly as if he were you...
    This is a very high risk.

Laurent Jumet
      KeyID: 0xCFAF704C
