OpenPGP card && exporting secret keys

Matthias Apitz guru at
Tue Feb 6 06:47:23 CET 2018


I'm using an OpenPGP card and gnupg 2.1.19 on my FreeBSD workstations
and my Ubuntu mobile device to store crypted passwords (tool: password-store),
to lock/unlock desktop sessions and to sign emails. This is all working
fine and without any hick-ups.

What makes me worry, is that single point of failure: the OpenPGP card.

While I do backups of alls the encrypted password files, they would be
all useless in case of lost/teft of the token or hardware fault of the SIM

What I do at the moment is something like:

$ find ~/.password-store -name '*.gpg' -exec printf "%s:\n" {} \;
  -and -exec gpg2 -d {} 2> /dev/null \; 
  -and -exec echo \; > /tmp/clear-password-store.txt

$ gpg -ea /tmp/clear-password-store.txt
$ mv /tmp/clear-password-store.txt.asc $GNUPGHOME
$ rm -P /tmp/clear-password-store.txt

where the other GNUPGHOME contains secret and pub-keys created for this
special purpose and living outside (i.e. without) the OpenPGP card.
ANd in case of lost/teft of the token I could recover at least all
passwords again...

Is there any way to export the secret keys from the OpenPGP card to use
them directly (with a passphrase) and without the OpenPGP card?



Matthias Apitz, ✉ guru at, ⌂  📱 +49-176-38902045
Public GnuPG key:

Thanks to the Soviet Army for the Victory in Stalingrad! -- Победа в Сталинградской битве!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list