On Tue, 27 Oct 2009 10:49, lis...@nebelschwaden.de said:

> Scenario 1:
> I remove the card and try to decrypt a file. Decrypting still works
> without a card being inserted and the password instead of the PIN. Ok,

That is because you copied the key to the card and the on-disk key is
still available. Use gpg --delete-secret-key KEYID to remove the secret
parts of the key. Then run gpg --card-status so that gpg can create a
"secret key stub" which is required to manage the card.

Note that the card only stores the real parts of the key but not the
OpenPGP key info: the certificate/keyblob (i.e. user IDs and
self-signatures). That is for size reasons. The upshot is that you need
to save the public parts of the key somewhere - the card references them
using the fingerprint which is stored on the card.

> it to be recreated, insert the card and try to decrypt the file. Gnupg
> complains about "no valid OpenPGP Data found" (translated from German).

Run LANG=C gpg xxxx to get English messages.

> Now, what is really most important to me and what I would like to know:
> What to do / how to use the card on a virgin system?

Import the public key and run "gpg --card-status" once. The URL field of
the card along with the --edit-card "fetch" command are pretty useful
here.

> Scenario 2:
> Virgin System again, I create the key on the card with the backup key
> written to disk. Now I have some cryptical_name.gpg file.
> All I have is the cryptical_name.gpg on some rescued USB stick. Just, how
> do I get this key back on my card please?

Import the public key and run gpg --edit-key KEYID then enter the
command "bkuptocard".

> Last question:
> Is there any way to copy the key on the card to the drive? Or do a
> backup after generation?

The whole point of using a smartcard is that this is not possible.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
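
Added example, not part of the message above: a check for the Scenario 1 situation, where a secret key copied to the card is still usable from disk. It classifies each secret key by field 15 of GnuPG's --with-colons listing (token serial number, "#" for a stub, "+" or empty for a locally stored secret); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify secret keys as on-disk, card-backed, or stub, based on
# field 15 of `gpg --list-secret-keys --with-colons` output.

# Constructed sample listing (key IDs and card serial are made up):
# a primary key still on disk, one subkey on a card, one bare stub.
sample_listing() {
cat <<'EOF'
sec:u:2048:1:1111111111111111:1256630000:::u:::scESC:::+:::
ssb:u:2048:1:2222222222222222:1256630000::::::e:::D2760001240102000005000012340000:::
ssb:u:2048:1:3333333333333333:1256630000::::::s:::#:::
EOF
}

# Reads a colon listing on stdin, prints "<record> <keyid> <location>".
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "" || $15 == "+")
                where = "on-disk"          # secret material is stored locally
            else if ($15 == "#")
                where = "stub-no-secret"   # stub only, no secret available
            else
                where = "card:" $15        # stub pointing at a card serial
            print $1, $5, where
        }'
}

# Number of secret keys that can still be used without the card.
count_on_disk() {
    classify_secret_keys | awk '$3 == "on-disk" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. On a real system, pipe in:
#   gpg --list-secret-keys --with-colons
sample_listing | classify_secret_keys
echo "secret keys still on disk: $(sample_listing | count_on_disk)"
```

A non-zero count after moving keys to the card means decryption will keep working with the passphrase and no card inserted.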