Public keys on smartcard
David Shaw
dshaw at jabberwocky.com
Thu Mar 31 21:39:34 CEST 2011
On Mar 31, 2011, at 3:06 PM, Astrakan wrote:
> Thank you for your quick response.
>
> A couple of follow-up questions:
>
> I'm noticing that in an "empty" gpg installation, when I run the
> --card-edit command, gpg creates the keyring files (0 bytes in size) in
> the homedir. When I then run the generate command to create keys on the
> card, the keyring files grow to a couple of bytes in size (secring
> containing stubs that point to the card, right?) and pubring.gpg
> containing the public key (since I can encrypt only when the card is not
> inserted).
>
> So even if I generate the keys directly on the smartcard, using the
> --card-edit and generate commands, does the actual public key mass
> populate the smart card?
The card stores the parameters from the RSA algorithm (i.e. a series of numbers). Some of these numbers are considered public (and can be retrieved from the card), but this is not the same as what people generally call a "public key" in the OpenPGP/GnuPG sense. The OpenPGP public key contains those numbers in a particular format, plus the user ID(s), plus a signature for each user ID, etc.
Basically, the answer to your question is strictly speaking yes, but for practical purposes no.
> Follow-up question 2:
> If I "fetch" the public key from a keyserver, on a computer with an
> empty gpg installation, and import it,
> does that store the public key on the card or is pubring.gpg created and
> populated?
That just stores the fetched key in your pubring. The card is not modified.
David
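To make the distinction in the reply concrete (the card holds the RSA numbers; the thing people call an "OpenPGP public key" is a packet sequence that wraps those numbers together with user IDs and certification signatures, and that sequence lives in pubring.gpg), here is an added example that is not part of the thread and not GnuPG code. It builds a constructed, non-functional transferable public key following the RFC 4880 packet layout, walks its packets, and separates the key-packet numbers from the pubring-only parts. The modulus, user ID, creation time and signature MPI are all made-up values; the signature is a structural placeholder and is never verified.

```python
"""Walk a transferable OpenPGP public key (RFC 4880 packet sequence) and
separate the raw RSA parameters, which are what an OpenPGP card holds,
from the user ID and certification packets that exist only in pubring.gpg.

Added example; all key material below is constructed and not a real key."""
import struct

# Constructed sample values (not a real key): an odd 1024-bit modulus, the
# usual public exponent, a made-up user ID and a fixed creation time.
SAMPLE_N = (1 << 1023) | 0x1234567
SAMPLE_E = 65537
SAMPLE_UID = "Test User <test@example.invalid>"
SAMPLE_CREATED = 1301600000  # seconds since epoch, roughly the thread's date


def encode_mpi(value: int) -> bytes:
    """RFC 4880 s3.2: 2-octet bit length, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def decode_mpi(buf: bytes, off: int):
    """Return (value, offset after the MPI)."""
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    nbytes = (bits + 7) // 8
    return int.from_bytes(buf[off + 2:off + 2 + nbytes], "big"), off + 2 + nbytes


def packet(tag: int, body: bytes) -> bytes:
    """New-format packet header (RFC 4880 s4.2.2) with a 1-, 2- or 5-octet length."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n2 = n - 192
        length = bytes([(n2 >> 8) + 192, n2 & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def parse_packets(blob: bytes):
    """Return [(tag, body), ...]; handles old- and new-format headers."""
    out, off = [], 0
    while off < len(blob):
        ctb = blob[off]
        off += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:  # new format: tag in low 6 bits, length follows
            tag = ctb & 0x3F
            first = blob[off]
            off += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + blob[off] + 192
                off += 1
            elif first == 255:
                n = struct.unpack(">I", blob[off:off + 4])[0]
                off += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old format: tag in bits 5-2, length size in bits 1-0
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype  # 1, 2 or 4 octets
            n = int.from_bytes(blob[off:off + size], "big")
            off += size
        out.append((tag, blob[off:off + n]))
        off += n
    return out


def build_sample_key() -> bytes:
    """Constructed transferable public key: key packet, user ID, self-certification."""
    key_body = (bytes([4]) + struct.pack(">I", SAMPLE_CREATED) + bytes([1])  # v4, time, RSA
                + encode_mpi(SAMPLE_N) + encode_mpi(SAMPLE_E))
    uid_body = SAMPLE_UID.encode("utf-8")
    # v4 positive certification (0x13), RSA, SHA-256, one hashed creation-time
    # subpacket. The signature MPI is a placeholder: this walks the structure only.
    hashed = bytes([5, 2]) + struct.pack(">I", SAMPLE_CREATED)
    sig_body = (bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
                + struct.pack(">H", 0) + b"\x00\x00" + encode_mpi(0xDEADBEEF))
    return packet(6, key_body) + packet(13, uid_body) + packet(2, sig_body)


def describe_key(blob: bytes) -> dict:
    """Split a public key block into card-resident numbers and OpenPGP-only parts."""
    info = {"on_card": {}, "user_ids": [], "certifications": 0, "other": []}
    for tag, body in parse_packets(blob):
        if tag == 6 and body[0] == 4 and body[5] == 1:  # v4 RSA public-key packet
            n, off = decode_mpi(body, 6)
            e, _ = decode_mpi(body, off)
            info["on_card"] = {"n": n, "e": e,
                               "created": struct.unpack(">I", body[1:5])[0]}
        elif tag == 13:
            info["user_ids"].append(body.decode("utf-8"))
        elif tag == 2:
            info["certifications"] += 1
        else:
            info["other"].append(tag)
    return info


if __name__ == "__main__":
    d = describe_key(build_sample_key())
    print("numbers a card can return:", hex(d["on_card"]["n"])[:18] + "...", d["on_card"]["e"])
    print("only in pubring.gpg:", d["user_ids"], d["certifications"], "certification(s)")
```

The public-key packet (tag 6) is the only part whose payload corresponds to what the card's generate command produces; the user ID (tag 13) and the certification (tag 2) are created by gpg on the host and written to pubring.gpg, which is why a keyserver fetch or import touches only the pubring and never the card.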