Problem with x.509 certificate and OpenPGP Card

Werner Koch wk at
Wed Oct 24 14:59:42 CEST 2012

On Wed, 24 Oct 2012 09:39, Freischlad at said:

> As far as I understand the card is capable of storing a complete certificate (sec key and pub key). But this certificate is not supposed to be used with the on card generated key(s). Am I right?

It is up to you how you use it.  GnuPG does not make use of the field.

> So it should be possible to transfer a off card generated key that might be used without scute? But then the key is extractable from the card if one knows the PIN!?

It all depends on how you connect Thunderbird to the card.  We support
the card only via the GnuPG stack.  Scute works on top of this stack.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list