Question about getting started with PGP and smart cards

Andrew Gallagher andrewg at
Tue Mar 1 12:20:41 CET 2016

On 01/03/16 00:14, Joshua Terrill wrote:
> Thanks for the replies, everyone. So what about a solution like Yubikey
> NEO? I read on their site that you can generate a keypair and put it on
> the yubikey. But what I'm a little confused about is, once you have the
> public and private key on the card, how do you use it to
> encrypt/sign/decrypt things? Excuse my lack of knowledge on this. It all
> seems pretty cool, and I'm just trying to wrap my head around it.

Only the private keys go on the card. Public keys are intended to be
public. ;-)

A yubikey Neo will work in the same way as a PGP smartcard, the main
difference being that you can directly connect it to a USB port without
a smartcard reader.

If you have your private subkeys on a smartcard, you can sign and
decrypt in the normal fashion so long as the smartcard is plugged in.
You don't need the card for encryption or verification, as these are
done (by other people!) using your public key.

If you run "gpg2 --card-status" when you plug the card in for the first
time, gpg will remember to check the card for those subkeys in the
future. You will also need a copy of your public key on the same machine
- depending on where you generated your private key this may not be
automatic. You can fix this by running "gpg2 --card-edit fetch" with the
card plugged in.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160301/c9f72cf8/attachment.sig>

More information about the Gnupg-users mailing list