Hi all,

Background:
I have an offline system I use for holding my private keys on-disk. I use 
smartcards for my day-to-day use on ordinary systems. I use the offline system 
to generate new primary keys when needed, as well as encryption subkeys (so I 
can always go back and decrypt things even if the smartcards are lost), and 
then transfer keys to smartcards using the "keytocard" command under gpg 
--edit-key <keyID>. Signing subkeys are generated directly on the smartcards.

Issue:
Whenever I use keytocard, the selected private key is transferred to the 
smartcard as expected. The selected private key on the offline system is 
replaced with a stub pointing to that card (also as expected). In my use case, 
this is undesirable since I wish for the offline system to retain the actual 
private key after copying the private key to the card.

As a workaround, I've taken to making a backup of the .gnupg directory, 
performing the keytocard operation, then deleting the .gnupg directory that now 
contains the stubs and restoring the backup from before the operation. While 
functional, this is potentially error-prone.

Question:
Is it possible to transfer an existing private key from a computer to a 
smartcard without replacing the private key on the computer with a stub 
pointing to the card?

Request:
If it is not currently possible to do this, I request that such a feature (e.g. 
"copykeytocard" rather than "keytocard") be added when convenient.

Thanks!

Cheers!
-Pete

-- 
Pete Stephenson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
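
The backup, keytocard, restore workaround described in the message above can be scripted with a checksum comparison at each step. This is an added example, not part of the original post and not GnuPG code. The function names `tree_digest` and `with_restored_home` are hypothetical, and it assumes GNU coreutils (`sha256sum`, `cp -a`) and a snapshot location on the same filesystem as the GnuPG home.

```shell
#!/bin/sh
# Added example: snapshot a GnuPG home, run an operation that rewrites it
# (such as an interactive keytocard session), then restore the snapshot.
# Function names are hypothetical; assumes GNU coreutils.

# Print one digest covering the path and content of every file under $1.
tree_digest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + \
        | LC_ALL=C sort | sha256sum | cut -d' ' -f1 )
}

# Usage: with_restored_home HOME_DIR COMMAND [ARGS...]
# COMMAND must operate on HOME_DIR (for gpg, pass --homedir or use the default).
with_restored_home() {
    home=$1; shift
    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 1; }
    parent=$(dirname "$home")

    # mktemp -d creates the directory with mode 0700.
    snap=$(mktemp -d "$parent/gnupg-snap.XXXXXX") || return 1
    cp -a "$home/." "$snap/" || return 1
    before=$(tree_digest "$home")
    # Refuse to run the operation if the copy is not byte-identical.
    [ "$(tree_digest "$snap")" = "$before" ] \
        || { echo "snapshot does not match original" >&2; return 1; }

    status=0
    "$@" || status=$?

    # Move the modified home aside first, so nothing is deleted until the
    # restored copy has been verified against the pre-operation digest.
    aside=$(mktemp -d "$parent/gnupg-aside.XXXXXX") || return 1
    mv "$home" "$aside/home" && mv "$snap" "$home" || return 1
    [ "$(tree_digest "$home")" = "$before" ] \
        || { echo "restore mismatch; modified copy kept in $aside" >&2; return 1; }
    rm -rf "$aside"
    return "$status"
}

# When run as a script:  sh this-file.sh ~/.gnupg gpg --edit-key <keyID>
if [ "$#" -ge 2 ]; then
    with_restored_home "$@"
fi
```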
