On Thu, 10 Sep 2009 18:53, mcs...@hotmail.com said:

> I am battling to understand this as I thought generating a key pair on
> the openPGP card itself was as secure as can be as your private key ONLY
> exists on the card itself and is not available anywhere else (ie: on
> your hard drive for export).

If you look at the exported key you posted with gpg --list-packets you
will get the listing below. I added a few comments:

:secret key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

The primary secret key stub. The line "gnu-divert-to-card" indicates
that this is a stub key. As you can see there are only two parameters:
skey[0] and skey[1] - these make up the public parts of the key. There
is nothing secret with them. For a real secret key (and not just a stub)
you would see more parameters (i.e. the secret parameters).

:user ID packet: "s...@test.com (TEST 003) <s...@test.com>"
:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 4d 4e
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (key server preferences: 80)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1023 bits]
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x18
    digest algo 2, begin of digest a5 c8
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 20)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1014 bits]
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00

Same as with the primary key.

:signature packet: algo 1, keyid 446D3054095646C6
    version 4, created 1252600418, md5len 0, sigclass 0x18
    digest algo 2, begin of digest b9 15
    hashed subpkt 2 len 4 (sig created 2009-09-10)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 446D3054095646C6)
    data: [1022 bits]

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
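
Added example (not part of the message above and not GnuPG code): a small Python parser for gpg --list-packets text that applies the check described in the message, marking a secret key packet as a card stub when it carries the "gnu-divert-to-card" line and counting its skey parameters. The function names and dict fields are this example's own, and the second packet in the sample is constructed for contrast.

```python
import re

# First packet: the stub listing from the message above. Second packet:
# constructed for contrast (bit sizes are made up).
SAMPLE = """\
:secret key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
    serial-number: d2 76 00 01 24 01 02 00 00 05 00 00 00 43 00 00
:user ID packet: "s...@test.com (TEST 003) <s...@test.com>"
:secret sub key packet:
    version 4, algo 1, created 1252600418, expires 0
    skey[0]: [1024 bits]
    skey[1]: [17 bits]
    skey[2]: [1021 bits]
    skey[3]: [512 bits]
    skey[4]: [512 bits]
    skey[5]: [510 bits]
"""

PACKET_RE = re.compile(r"^:(secret (?:sub )?key) packet:")

def classify_secret_packets(listing):
    """Return one dict per secret (sub)key packet found in the listing."""
    packets, current = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # packet header; track only secret (sub)keys
            m = PACKET_RE.match(line)
            current = None
            if m:
                current = {"type": m.group(1), "params": 0, "stub": False, "serial": None}
                packets.append(current)
            continue
        if current is None:
            continue
        field = line.strip()
        if field.startswith("skey["):
            current["params"] += 1  # a stub lists only the public parameters
        elif field.startswith("gnu-divert-to-card"):
            current["stub"] = True  # secret part lives on the card
        elif field.startswith("serial-number:"):
            current["serial"] = "".join(field.split(":", 1)[1].split())
    return packets

def packets_with_secret_material(listing):
    """Types of the secret key packets that are not card stubs."""
    return [p["type"] for p in classify_secret_packets(listing) if not p["stub"]]
```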