On Tue, Jun 13, 2006 at 06:46:48PM +0100, Tristan Williams wrote:
> On 13Jun06 18:07, [EMAIL PROTECTED] wrote:
> > On Tue, Jun 13, 2006 at 02:01:27PM +0100, Tristan Williams wrote:
> > > I am experimenting with the OpenPGP smartcard. I have two OpenPGP smart
> > > cards (smartA and smartB) and I want to verify that I can restore my
> > > on-card generated private key should I lose the master card
> > > (smartA). I only want to verify that I can do it - not discuss the
> > > merits of on-card vs. off-card key generation.
> > >
> > > I start with an empty ~/.gnupg
> > >
> > > For smartA I have
> > >
> > > (1) an on-card generated key
> > >
> > You can stop here. In order to use card B you need to transfer the PRIVATE
> > key from card A to card B. It is _impossible_ to export the private key
> > under any circumstances (minus backdoors/implementation bugs in the
> > smart-card software). Period. If you want to have the same private key on
> > several physical cards, your only option is off-card generation, with
> > import of the key afterwards.
> >
> Then it makes me wonder what is the purpose of the off card backup
> file sk_X.gpg created when the original private key was created via
> the on-card method? I can appreciate there might be reasons for not
> permitting export of the private key from the card but I did expect
> that restoring a private key using the backup file made at key
> creation time would be possible. It looks like I was wrong in that
> thought.

There is a little misunderstanding here. When you generate a card key with off-card backup, the key is not generated via the on-card method. The key is generated like any other key, and then uploaded to the card (and saved to the backup file). The card does not allow reading a secret key off the card, so if you really generated it on-card, there would be no way of making the backup file.

David