OpenPGP card && exporting secret keys

Peter Lebbing peter at
Tue Feb 6 11:03:19 CET 2018

On 06/02/18 06:47, Matthias Apitz wrote:
> Is there any way to export the secret keys from the OpenPGP card to use
> them directly (with a passphrase) and without the OpenPGP card?

You need to do it the other way around: you need to create on-disk keys
and export them to a card. It is explicitly not possible to get a secret
key /from/ an OpenPGP card.

If you chose to have a backup of your encryption key while generating
card keys, this is what actually happens for the encryption key, but in
a streamlined process. The backup file that is created in that way can
be used to populate a new OpenPGP card once your current one breaks, but
only for the encryption subkey. It contains the actual private key material.

I think it will generate signature and authentication keys on the card;
I don't use this mode because I have more trust in GnuPG's random number
generator than any RNG on a smartcard. So I always just create an
on-disk key, back that up, and subsequently move the keys to the card.
Obviously you need to think about data left on disk after removal of
files; I'm just giving a quick outline. Hint: I don't have a hard disk
plugged into the system I'm using to do this.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list