Public keys on smartcard

Astrakan gpgikaros at armax.se
Fri Apr 1 09:51:21 CEST 2011


Thanx for your input.
Ok, so I'm guessing the RSA-modulus (p and q) are stored on the card
along with the private exponents, or
perhaps the private key in its whole, already computed?
How much of the RSA-operations are made on the card, in terms of key
generation, signature making etc?

Does anyone know the max storage capability of the v2.0 OpenPGP-cards? A
few K?

/Astrakan

On 2011-03-31 21:39, David Shaw wrote:
> On Mar 31, 2011, at 3:06 PM, Astrakan wrote:
>
>> Thank you for your quick response.
>>
>> A couple of follow-up questions:
>> I'm noticing that in an "empty" gpg-installation, when I run the
>> --card-edit command, gpg creates the
>> keyring files (0 bytes in size) in the homedir. When I then run the
>> generate command to create keys on the
>> card the keyring-files grow to a couple of bytes in size (secring
>> containing stubs that point to the card, right?) and
>> pubring.gpg containing the public key (since I can encrypt only when the
>> card is not inserted).
>>
>> So even if I generate the keys directly on the smartcard, using
>> --card-edit and generate commands, do
>> the actual public key mass populate the smart card?
> The card stores the parameters from the RSA algorithm (i.e. a series of numbers).  Some of these numbers are considered public (and can be retrieved from the card), but this is not the same as what people generally call a "public key" in the OpenPGP/GnuPG sense.  The OpenPGP public key contains those numbers in a particular format, plus the user ID(s), plus a signature for each user ID, etc.
>
> Basically, the answer to your question is strictly speaking yes, but for practical purposes no.
>
>> Follow-up question 2:
>> If I "fetch" the public key from a keyserver, on a computer with an
>> empty gpg installation, and import it,
>> does that store the public key on the card or is pubring.gpg created and
>> populated?
> That just stores the fetched key in your pubring.  The card is not modified.
>
> David
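David's distinction between "the RSA parameters the card holds" and "an OpenPGP public key" can be made concrete by looking at the wire format. The following is an added example, not code from this thread or from GnuPG: a minimal RFC 4880 packet walker that builds a constructed transferable public key (a v4 RSA public-key packet carrying the MPIs n and e, a user ID packet, and a placeholder signature packet), then parses it back and reports which parts are bare RSA numbers and which are OpenPGP framing. It also computes the v4 fingerprint (SHA-1 over 0x99, a two-byte length and the public-key packet body), which is derived from exactly those numbers plus the creation time and algorithm byte. The modulus, user ID, creation time and signature body are all constructed placeholders; the modulus is far too small for real use and is not a genuine p*q.

```python
"""Minimal OpenPGP (RFC 4880) packet walker for a transferable public key.

Constructed example: builds a small v4 RSA public-key packet, a user ID
packet and a placeholder signature packet, then parses the stream back to
show which bytes are raw RSA parameters and which are OpenPGP framing.
"""
import hashlib
import struct

# RFC 4880 packet tags and the public-key algorithm id used here
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
ALGO_RSA = 1


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bitlen = n.bit_length()
    return struct.pack(">H", bitlen) + n.to_bytes((bitlen + 7) // 8, "big")


def parse_mpi(data: bytes, pos: int):
    """Decode an MPI starting at `pos`; return (value, position after the MPI)."""
    bitlen = struct.unpack(">H", data[pos:pos + 2])[0]
    nbytes = (bitlen + 7) // 8
    value = int.from_bytes(data[pos + 2:pos + 2 + nbytes], "big")
    return value, pos + 2 + nbytes


def old_format_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in an old-format packet header with a 2-byte length (length type 1)."""
    assert len(body) < 0x10000
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def build_public_key_body(n: int, e: int, created: int) -> bytes:
    """v4 public-key packet body: version, creation time, algorithm, MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([ALGO_RSA]) + mpi(n) + mpi(e)


def v4_fingerprint(pubkey_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-byte body length, then the body."""
    h = hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body)
    return h.hexdigest().upper()


def parse_packets(stream: bytes):
    """Yield (tag, body) for each old-format packet with a 1- or 2-byte length field."""
    pos = 0
    while pos < len(stream):
        ctb = stream[pos]
        if not ctb & 0x80 or ctb & 0x40:
            raise ValueError("only old-format packets are handled in this example")
        tag = (ctb >> 2) & 0x0F
        ltype = ctb & 0x03
        if ltype == 0:
            length, hdr = stream[pos + 1], 2
        elif ltype == 1:
            length, hdr = struct.unpack(">H", stream[pos + 1:pos + 3])[0], 3
        else:
            raise ValueError("unsupported length type in this example")
        yield tag, stream[pos + hdr:pos + hdr + length]
        pos += hdr + length


def describe_key(stream: bytes) -> dict:
    """Return the RSA parameters, fingerprint, user IDs and signature count found."""
    out = {"user_ids": [], "signatures": 0}
    for tag, body in parse_packets(stream):
        if tag == TAG_PUBLIC_KEY:
            version, created, algo = body[0], struct.unpack(">I", body[1:5])[0], body[5]
            n, pos = parse_mpi(body, 6)      # the two numbers a card would hold
            e, _ = parse_mpi(body, pos)
            out.update(version=version, created=created, algo=algo, n=n, e=e,
                       fingerprint=v4_fingerprint(body))
        elif tag == TAG_USER_ID:
            out["user_ids"].append(body.decode("utf-8"))
        elif tag == TAG_SIGNATURE:
            out["signatures"] += 1
    return out


# Constructed sample values (placeholders, not a real key): a 512-bit number
# standing in for the modulus, the usual e = 65537, and a made-up creation time.
SAMPLE_N = 0xC4F8E9E15DCADF2B96C763D981006A644FFB4415030A16ED1283883340F2AA0E2BE2BE8FA60150B9046965837C3E7D151B7DE237EBB957C20663898250703B3F
SAMPLE_E = 65537
SAMPLE_CREATED = 1301558400

SAMPLE_KEY = (
    old_format_packet(TAG_PUBLIC_KEY, build_public_key_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED))
    + old_format_packet(TAG_USER_ID, b"Example User <user at example.invalid>")
    # Placeholder signature body: not a valid signature, present only to show the framing.
    + old_format_packet(TAG_SIGNATURE, b"\x04\x13" + b"\x00" * 8)
)

if __name__ == "__main__":
    info = describe_key(SAMPLE_KEY)
    print("RSA n bits:", info["n"].bit_length(), "e:", info["e"])
    print("fingerprint:", info["fingerprint"])
    print("user IDs:", info["user_ids"], "signatures:", info["signatures"])
```

Running it prints the recovered n and e alongside the user ID and signature packets: the first two are the "series of numbers" a card can hand back, while the rest is what turns them into an OpenPGP public key that lives in pubring.gpg.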