How do I make the private key on a OpenPGP smartcard non exportable ?

Heinz Diehl htd at
Sat Jun 22 09:35:06 CEST 2013

On 20.06.2013, Henry Hertz Hobbit wrote: 

> Try the backup from GPA's menu.  I doubt you will get anything
> that can be exported. If you get a backupg.gpg (or similar), then try
> importing your secret keys onto a second system with GPGWIN installed.

The thing is, if there's a command to export the private keyring,
you're hosed. Somebody who has access to your machine could simply
install his own software.

Besides: what would you do if you had discovered that somebody had
gained root-access to your machine? I bet you would use your
revocation certificate anyway.

> Let's say your machine gets infected.  Let's also suppose that a
> key logger has been installed.

Then, your PIN and passphrase is known to the adversary, and you're
f*cked up.

The whole point with a smartcard is that it's a lot easier to memorize
the PIN than a long and complicated passphrase, and that the private
key can't be exported. If it can, there's no need for a smartcard.

More information about the Gnupg-users mailing list