Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys

Pete Stephenson pete at heypete.com
Sat Apr 5 22:09:58 CEST 2014


On Sat, Apr 5, 2014 at 3:57 PM, Florian Wolters
<florian at florian-wolters.de> wrote:
> But concerning the keys I got another question:  How can I tell gnupg to
> use keys that are already stored on the card? I do have my private key
> on the card already and want to use this card on another computer? Do I
> have to import my keypair again and then "keytocard"?
>
> Or can I tell gnupg somehow to use the key already existing on the card?

When you run "keytocard" the private key is moved to the card and
the private key on the computer is then replaced with a "stub" that
says "The private key is located on the smartcard with a serial number
of $SERIAL_NUMBER" so GnuPG knows where to look and, if the card is
not present, prompt you for the right card. (Be sure you have a backup
of your actual private key before running "keytocard", if that's
something you'd like to do.)

As far as I know, there are two options for setting up a second system
to have the stub without actually needing to import your actual
private key:

1. You can export the stub "private" key (I use quotes because unlike
a real private key, the stub is not sensitive information) from your
first computer and then import it into the second just as you would do
if you were importing any other private key.

2. Import only your public key to the second computer, then insert
the smartcard and run "gpg --card-status". This will detect the card
and generate the appropriate stub. This is the method I usually do.

Cheers!
-Pete

-- 
Pete Stephenson
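
Added example, not part of the original message or of GnuPG: a shell check for the second computer, run after option 2 above, that reads `gpg --list-secret-keys --with-colons` output and confirms every secret-key record is a smartcard stub rather than key material stored on disk. The function names, key IDs and card serial in the sample are constructed; the check relies on field 15 of GnuPG's colon listing format.

```shell
#!/bin/sh
# Added example. Field numbers follow GnuPG's colon listing format:
# 1 = record type, 5 = key ID, 15 = card serial number for a card-backed
# key, "#" for a stub whose secret part is absent, "+" when the secret
# key is available on disk.

# Read colon-format output on stdin; print "<type> <keyid> <location>".
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            where = "unknown"            # empty field: treat as unverified
            if ($15 == "+")      where = "on-disk"
            else if ($15 == "#") where = "stub-no-secret"
            else if ($15 != "")  where = "card:" $15
            print $1, $5, where
        }'
}

# Succeed only if at least one secret record exists and all are on a card.
all_keys_on_card() {
    classify_secret_keys | awk '
        { n++ }
        $3 !~ /^card:/ { bad++ }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }'
}

# Constructed sample listings (key IDs and card serial are made up).
SAMPLE_CARD='sec:u:4096:1:1111111111111111:1396700000:::u:::scESC:::D2760001240102000005000000010000:
uid:u::::::::Example User <user@example.org>:
ssb:u:4096:1:2222222222222222:1396700000::::::e:::D2760001240102000005000000010000:'
SAMPLE_DISK='sec:u:4096:1:3333333333333333:1396700000:::u:::scESC:::+:'

# Demo on the constructed input. On a real system, after importing the
# public key and running "gpg --card-status", pipe in
# "gpg --list-secret-keys --with-colons" instead.
printf '%s\n' "$SAMPLE_CARD" | classify_secret_keys
if printf '%s\n' "$SAMPLE_DISK" | all_keys_on_card; then
    echo "all secret keys are card stubs"
else
    echo "WARNING: secret key material may be stored on this machine"
fi
```

A record reported as `unknown` has an empty field 15, so the check fails closed instead of assuming the key is on the card.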


