Thanks for the reply! How do I troubleshoot the issue I am experiencing with my Hushmail keys on the OpenPGP 2.0 card not being able to decrypt my mail?
Are you sure about what you said below regarding the stub and the secret/private key? I just generated a test key pair on the OpenPGP 2.0 card and then removed the card from the reader. When I go into key management in Thunderbird and select the newly created key and select "export keys to file" it says: Do you want to include the secret key in the saved OpenPGP key file? So I click "Export secret keys" and it saves it to a .asc file. If I open this in notepad it looks as follows (this is a test key so I don't mind posting it here as it will be deleted and is for testing purposes only):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (MingW32)

[...]
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (MingW32)

[...]
-----END PGP PRIVATE KEY BLOCK-----

If I open my Hushmail keys in notepad it looks familiar to the test key I have exported from key management (with the card not inserted in the reader)! I am battling to understand this as I thought generating a key pair on the OpenPGP card itself was as secure as can be as your private key ONLY exists on the card itself and is not available anywhere else (i.e. on your hard drive for export).

David Shaw wrote:
> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
>
>> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>> From what I understand Hushmail is based on OpenPGP so it should work.
>> The key I have from my Hushmail account is 2048bit in length but once I
>> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
>> anymore, any idea why?
>
> It should work fine. It sounds like a different sort of problem.
>
>> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
>> anyone be able to export or copy the private key (if the OpenPGP card is
>> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere
>> else besides on the card?
>
> No, but there is a stub secret key that lives in the usual secret
> keyring. This isn't a true secret key (it does not contain the actual
> key data), but is the OpenPGP information (user IDs and other things),
> along with a pointer that says "the key is on smartcard XYZ".
>
> So if they can get ahold of your computer, someone could steal this
> stub, but there is nothing secret about it, and it won't do them any
> good.
>
> David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
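
The stub David describes can be told apart from a real secret key by reading the secret-key packet itself. The following Python sketch is an added example, not part of the original thread: it walks the packets of a binary (de-armored) export and reports whether each secret-key packet carries GnuPG's "divert to card" marker (S2K type 101, the string "GNU", mode 2, then the card serial) instead of key material. The function names and the sample packets are constructed for illustration.

```python
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, ElGamal, DSA (RFC 4880)

def packets(data):
    """Yield (tag, body) for each packet in binary (de-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header: low two bits select a 1, 2 or 4 byte length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def classify(body):
    """Report what a v4 secret-key packet carries after its public part."""
    if body[0] != 4:
        raise ValueError("only v4 key packets handled")
    pos = 6  # skip version, 4-byte creation time, algorithm id
    for _ in range(PUBLIC_MPIS[body[5]]):  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    usage, s2k = body[pos], body[pos + 2:pos + 9]
    if usage == 0:
        return ("unprotected secret key", None)
    # GnuPG extension: S2K type 101, hash id, "GNU", mode (2 = divert to card)
    if usage in (254, 255) and s2k[:1] == b"\x65" and s2k[2:5] == b"GNU":
        if s2k[5] == 2:  # a length octet and the card serial follow
            return ("card stub", body[pos + 9:pos + 9 + s2k[6]].hex())
        return ("gnu mode %d, no secret material" % s2k[5], None)
    return ("passphrase-protected secret key", None)

def audit(data):
    return [classify(b) for tag, b in packets(data) if tag in (5, 7)]

SERIAL = "d2760001240102000000000000000000"  # constructed card serial
PUB = b"\x04" + bytes(4) + b"\x01\x00\x10\xc5\xf1\x00\x11\x01\x00\x01"  # toy RSA
pkt = lambda body: bytes([0x94, len(body)]) + body  # old format, tag 5
STUB = pkt(PUB + b"\xff\x00\x65\x00GNU\x02\x10" + bytes.fromhex(SERIAL))
FULL = pkt(PUB + b"\x00" + b"\x00\x08\x7f" * 4)  # constructed, usage octet 0
```

To check a real export, pass the bytes produced by `gpg --dearmor` on the `.asc` file to `audit()`; every entry should read "card stub" if the key lives only on the card.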