GPG, subkeys smartcard and computer

Stefano Tranquillini stefano.tranquillini at gmail.com
Sun Feb 19 09:41:24 CET 2017


Thanks,
Sorry for the double messages, I sent the first before subscribing to the
list and I thought it was not forwarded to the mailing list.

Briefly:
 - use Tails to generate master (default settings) and subkeys
 - export the public key and fingerprints
 - backup master to a cold storage
 - export the subkeys for later usage
 - move the subkeys into the laptop

I'll skip the smart card for now; I'll only generate and add to it an A subkey
for accessing ssh in case I'm away from the PC. I think I can have multiple A
subkeys, not like E keys where only the last is used, and use them to ssh to
servers if all these subkeys are added to the server.


Regarding the rest:

On Fri, Feb 17, 2017 at 3:11 PM, Andrew Gallagher <andrewg at andrewg.com>
wrote:

> ... cut ...
>
> If you run "keytocard" and then save your changes, you will delete the
> on-disk copy of those subkeys. They will only then exist on the
> smartcard. I normally don't recommend this, as it means you have no way
> to back up your E subkey, and if your smartcard breaks you then lose
> access to all data encrypted to it. If you are keeping your master
> offline, there is IMO little extra risk in also keeping an offline
> copy of your E subkey. In order to do this, once you run "keytocard" on
> all three subkeys you should immediately quit gnupg *without saving*.
> This will ensure that the on-disk copy is not deleted.
>

Wait, if I have a subkey E (called E1) and I lose it (e.g. it was on the
smartcard),
can't I create a new E (called E2) from my master and decrypt the data? Or
is the encrypted data decryptable only by the exact E (E1 in this case)
that was used to encrypt it?

Can't I export the subkeys to a file and back up that file and then move
the keys to the card? Will I be able to restore the keys if they get lost?

Sending you a separate email for the script (which seems to be the one you
have on the website).

-- 
Stefano
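
The flow listed under "Briefly" and the E-subkey backup point from the quoted reply, as an added example that is not part of this message or of any script mentioned on the list. It shows a laptop keyring that holds only the subkeys (master as a stub) and a restored E subkey decrypting data that was encrypted before the restore. Assumptions: GnuPG 2.1 or later, throwaway keyrings, a constructed identity and an empty passphrase; `keytocard` is only marked in a comment because it needs a physical card.

```shell
#!/bin/sh
# Added example: throwaway keyrings, constructed identity, empty passphrase.
# Demo settings only; a real master key gets a passphrase and an offline host.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

subkey_backup_demo() (
    set -e
    work=$(mktemp -d)
    cleanup() {
        for h in offline laptop; do
            GNUPGHOME="$work/$h" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
        done
        rm -rf "$work"
    }
    trap cleanup EXIT
    mkdir -m 700 "$work/offline" "$work/laptop"
    uid='Demo User <demo@example.invalid>'          # constructed identity

    # Offline machine (Tails in the message): certify-only master + S/E/A subkeys.
    export GNUPGHOME="$work/offline"
    g --quick-generate-key "$uid" rsa2048 cert never
    fpr=$(g --with-colons --list-keys "$uid" | awk -F: '$1=="fpr"{print $10; exit}')
    for usage in sign encr auth; do
        g --quick-add-key "$fpr" rsa2048 "$usage" 1y
    done

    g --armor --export "$fpr" > "$work/public.asc"
    g --armor --export-secret-keys "$fpr" > "$work/master-backup.asc"      # cold storage
    g --armor --export-secret-subkeys "$fpr" > "$work/subkeys-backup.asc"  # laptop + backup
    # "keytocard" would be run here, only after the backup files exist.

    # Data encrypted to the E subkey before anything is lost or restored.
    echo 'constructed test message' |
        g --trust-model always -e -r "$fpr" -o "$work/msg.gpg"

    # Laptop (or a restore after a broken card): import the subkey backup only.
    export GNUPGHOME="$work/laptop"
    g --import "$work/subkeys-backup.asc"
    # Field 15 of the "sec" record is "#" when the master secret key is a stub.
    stub=$(g --with-colons --list-secret-keys | awk -F: '$1=="sec"{print $15; exit}')
    nsub=$(g --with-colons --list-secret-keys | awk -F: '$1=="ssb"{n++} END{print n+0}')
    plain=$(g --decrypt "$work/msg.gpg")
    echo "$stub|$nsub|$plain"
)
```

Calling `subkey_backup_demo` prints the stub marker, the number of secret subkeys on the laptop keyring and the decrypted text, separated by `|`.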