Separate OpenPGP cards for master key and sub-keys

Pete Stephenson pete at
Mon Jun 3 18:08:28 CEST 2013

On Mon, Jun 3, 2013 at 5:41 AM, Branko Majic <branko at> wrote:
> Hello all,
> I'm looking into setting myself up with some OpenPGP cards, and I'm
> looking into some opinions on using separate OpenPGP card for the
> master key and sub-keys vs using a single OpenPGP card.
> The idea behind this would be that my master OpenPGP card would be kept
> in a safe area (hidden cavern, back home under pillow/mattress and
> similar :), while I'd carry my sub-keys OpenPGP card with me at all
> times and use it for every-day operations.
> In particular, I'm curious to find out if there is any technical
> limitation that I should be aware of if I go with this kind of schema?
> Mainly in terms of how GnuPG handles the OpenPGP cards?
> Does anyone utilise this kind of schema? Or do people go with soft
> token for master key instead?

Using separate smartcards for master and subkeys works perfectly fine
for RSA keys in my experience. I do precisely this with one of my
recent keys.

Here's a general overview of how I did it:

1. Generate primary key on the computer (not directly on the
smartcard), then make appropriate offline backups (e.g. on CD-R) so if
the card is damaged I can still use the key.
2. Transfer the primary key to the smartcard, then delete the primary
key from the computer. I then ran "gpg2 --card-status" to generate the
private key stub that tells GnuGP that the private key for that KeyID
is on the smartcard.
3. Generate subkeys (encryption and signing) on the computer, signing
them with the smartcard-based primary key.
4. Transfer the subkeys to a new smartcard, then deleting the subkeys
from the computer. "gpg2 --card-status" generates the stubs for the
subkeys, as above.

I keep the backups in a physically secure location, including a locked
box in my house and in a safe deposit box at my bank. I'm not really
worried about physical compromise of my keys (I figure if someone's
breaking into my house to steal my keys, I have more important issues
at hand). My use of smartcards is to help reduce the risk of key
compromise due to malware or some other computer-based attack, so
they're kept in my immediate control but not as physically secure
(e.g. in desk drawer, rather than in a locked box).

Your exact strategy might differ slightly: for example, you might want
to generate the keys on the card and never have private key material
on the computer (this also prevents you from making backups), but the
overall process should be similar.

Since the smartcards don't support DSA or ElGamal keys, you can't use
the cards to protect these types of keys (though you can use RSA
subkeys with a DSA primary key). One of my keys is a DSA primary key,
which I keep offline but have the RSA subkeys on a smartcard (I have
three in total). I only use the DSA key for signing/certifying new
subkeys or other people's public keys, then delete it from the


Pete Stephenson

More information about the Gnupg-users mailing list