adding card keys and make them non exportable

Damien Goutte-Gattat dgouttegattat at incenp.org
Tue Sep 29 23:07:11 CEST 2015


On 09/29/2015 09:51 PM, Heiko Folkerts wrote:
> AFAIK the exports contain a valid looking key block.

It *looks like* a valid key block, but--if the keytocard operation was 
indeed successful--it's actually only a "stub" that does not contain any 
private material.

You can check the actual contents of the exported data with the 
--list-packets option:

   $ gpg --list-packets your_exported_private_keys.gpg

Look for the following lines in the output:

   :secret sub key packet:
           [...]
           gnu-divert-to-card S2K, [...]
           serial-number:  <your card serial number>

You should see those lines once for each subkey that you moved to the card.
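
The check described in the message above, as an added example that is not part of the original post: a POSIX shell/awk filter that labels every secret key packet in `gpg --list-packets` output as a card stub or as still carrying private material. It goes slightly beyond the post by also recognizing the `gnu-dummy S2K` marker that GnuPG prints for a secret key exported without its private part. The function names and the embedded sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify each secret key packet in `gpg --list-packets` output (stdin).
classify_secret_packets() {
    awk '
        function emit() { if (kind != "") print kind ": " state }
        /^:/ {   # each packet begins with a ":..." header line
            emit(); kind = ""; state = "PRIVATE-MATERIAL"   # until a stub marker is seen
            if ($0 ~ /^:secret key packet:/)     kind = "primary"
            if ($0 ~ /^:secret sub key packet:/) kind = "subkey"
            next
        }
        kind != "" && /gnu-divert-to-card S2K/ { state = "card-stub" }
        kind != "" && /gnu-dummy S2K/          { state = "no-secret-dummy" }
        kind != "" && /serial-number:/         { state = state " serial=" $2 }
        END { emit() }
    '
}

# Succeeds only if secret packets were found and none carries private material.
export_is_stub_only() {
    out=$(classify_secret_packets)
    [ -n "$out" ] || return 1
    case "$out" in *PRIVATE-MATERIAL*) return 1 ;; esac
}

# Constructed sample (key IDs, salt and card serial are made up): the primary
# key is still on disk, both subkeys were moved with keytocard.
sample_listing() {
    cat <<'EOF'
:secret key packet:
    version 4, algo 1, created 1443500000, expires 0
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 0011223344556677
    skey[2]: [v4 protected]
    keyid: 0000000000000001
:user ID packet: "Example User <user@example.org>"
:secret sub key packet:
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number:  d2760001240102000000000000010000
    keyid: 0000000000000002
:secret sub key packet:
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number:  d2760001240102000000000000010000
    keyid: 0000000000000003
EOF
}

sample_listing | classify_secret_packets
# Real use: gpg --list-packets your_exported_private_keys.gpg | classify_secret_packets
```

`export_is_stub_only` can gate a backup or publishing script: it fails unless every secret packet in the export is a stub.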
