adding card keys and make them non exportable
Damien Goutte-Gattat
dgouttegattat at incenp.org
Tue Sep 29 23:07:11 CEST 2015
On 09/29/2015 09:51 PM, Heiko Folkerts wrote:
> AFAIK the exports contain a valid looking key block.
It *looks like* a valid key block, but--if the keytocard operation was
indeed successful--it's actually only a "stub" that does not contain any
private material.
You can check the actual contents of the exported data with the
--list-packets option:
$ gpg --list-packets your_exported_private_keys.gpg
Look for the following lines in the output:
:secret sub key packet:
[...]
gnu-divert-to-card S2K, [...]
serial-number: <your card serial number>
You should see those lines once for each subkey that you moved to the card.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150929/a1cecba5/attachment.sig>
More information about the Gnupg-users
mailing list