How do I make the private key on a OpenPGP smartcard non exportable ?
ndk.clanbo at gmail.com
Mon Jun 17 23:31:52 CEST 2013
Il 17/06/2013 20:22, T L ha scritto:
> Under GPA in windows there is a option to backup the private key from a
> OpenPGP smartcard.
The smartcard protocol of a standard OpenPGP card doesn't allow it.
MyPGPid card will allow a controlled export.
> My understanding is that one of the main purposes of
> smartcard use is to prevent the private key from being exported and
> force cryptographic operations through the card.
Roughly speaking, yes.
> Is there a method of
> setting the private key non exportable that I am unaware of ?
If the key is generated on-card, you have no way to backup it. No need
for "unexportable" flag: simply there's no command to export it.
> If not then what am I missing ?
The whole point of using a smartcard? :)
> How is this more secure than a password protected file ?
Since the key is never available to the host, there's no way a malicious
software can copy it.
More information about the Gnupg-users