Duplicating smartcard

Pete Stephenson pete at heypete.com
Sun Nov 10 13:02:33 CET 2013


On Sun, Nov 10, 2013 at 11:50 AM, Alexander Truemper
<hasgarion at hellshell.de> wrote:
> Hello everyone,
>
> since I could not reveal anything useful on google, here my question.
>
> I want to have a safe backup of my smartcard which contains my primary
> key and two subkeys.

Did you generate the keys on the smartcard, or did you generate them
on the computer and then later transfer them to the smartcard?

If you generated them on the card itself, you cannot backup the keys.

If you generated them on the computer, you can back up the keys to
other media prior to transferring the keys to the smartcard. Once
they're on the card the private keys cannot be exported.

> I guessed the private keys can not be exported as it would make no
> sense then to have a smartcard.

Correct.

> But if I run 'gpg --export-secret-keys' for my keys, it actually seems
> to export the private keys according to pgpdump.
>
> How can this be? (I see no smartcard activity on the terminal and no
> PIN is asked)

It exports the "stub" private keys that, in essence, say "The actual
private keys exist on the smartcard with $SERIAL_NUMBER". These stubs
are not private at all, and contain no actual key material.

Cheers!
-Pete



More information about the Gnupg-users mailing list