Generating smart-card stubs on a clean computer? and how to get the public key for a key on the card?

Werner Koch wk at
Thu Oct 2 21:13:29 CEST 2014

On Thu,  2 Oct 2014 14:40, mail at said:

> But what if you_don't have the public key (for your key on the smart
> card) available ?__

You need the public key becuase it carries all the nifty OpenPGP thinks
like key signatures.  However, if you really lost the public key and you
need it back, it is possible to re-create the public key with the same
fingerprint.  There is no code for this, you need to hack the

What you need is the creation timestamp and the public key parameters
from the card.  You can gather this information using 

  $ gpg-connect-agent
  > scd learn --force
  S SERIALNO D276000124010101000100xxxxxxxxxx  0
  S KEY-TIME 1 1136130759
  S KEY-TIME 2 1136132140
  S KEY-TIME 3 1136131786
  > /decode
  > /hex
  > scd readkey OPENPGP.1
  D[0000]  28 31 30 3A 70 75 62 6C  69 63 2D 6B 65 79 28 33   (10:public-key(3
  D[0010]  3A 72 73 61 28 31 3A 6E  31 32 39 3A 00 D0 99 19   :rsa(1:n129:....
Take the creation time from the KEY-TIME lines.  I used /decode and /hex
above only for readability.  You should use 

  > /datafile out
  > scd readkey OPENPGP.1
  > /bye

instead which writes the s-expression with the public key to the file
"out".  The Libgcrypt functions take those s-expressions as arguments.
Now you need to feed it to gpg to create the public key part and the
self-signatures.  You may want to add this as a feature request to the



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list