How do I make the private key on an OpenPGP smartcard non-exportable?
Heinz Diehl
htd at fritha.org
Sat Jun 22 09:35:06 CEST 2013
On 20.06.2013, Henry Hertz Hobbit wrote:

> Try the backup from GPA's menu. I doubt you will get anything
> that can be exported. If you get a backupg.gpg (or similar), then try
> importing your secret keys onto a second system with GPGWIN installed.

The thing is, if there's a command to export the private keyring,
you're hosed. Somebody who has access to your machine could simply
install his own software.

Besides: what would you do if you had discovered that somebody had
gained root access to your machine? I bet you would use your
revocation certificate anyway.

> Let's say your machine gets infected. Let's also suppose that a
> key logger has been installed.

Then, your PIN and passphrase are known to the adversary, and you're
f*cked up.

The whole point with a smartcard is that it's a lot easier to memorize
the PIN than a long and complicated passphrase, and that the private
key can't be exported. If it can, there's no need for a smartcard.