Thanx for your input. Ok, so Im guessing the RSA-modulus (p and q) are stored on the card along with the private exponents, or perhaps the private key in its whole, already computed? How much of the RSA-operations are made on the card, in terms of key generation, signature making etc?
Does anyone know the max storage capability of the v2.0 OpenPGP-cards? A few K? /Astrakan On 2011-03-31 21:39, David Shaw wrote: > On Mar 31, 2011, at 3:06 PM, Astrakan wrote: > >> Thank you for your quick response. >> >> A couple of follow-up questions: >> Im noticing that in an "empty" gpg-installation, when I run the >> --card-edit command, gpg creates the >> keyring files (0 bytes in size) in the homedir. When I then run the >> generate command to create keys on the >> card the keyring-files grow to a couple of bytes in size (secring >> containing stubs that point to the card, right?) and >> pubring.gpg containing the public key (since I can encrypt only when the >> card is not inserted). >> >> So even if I generate the keys directly on the smartcard, using >> --card-edit and generate commands, do >> the actual public key key mass populate the smart card? > The card stores the parameters from the RSA algorithm (i.e. a series of > numbers). Some of these numbers are considered public (and can be retrieved > from the card), but this is not the same as what people generally call a > "public key" in the OpenPGP/GnuPG sense. The OpenPGP public key contains > those numbers in a particular format, plus the user ID(s), plus a signature > for each user ID, etc. > > Basically, the answer to your question is strictly speaking yes, but for > practical purposes no. > >> Follow-up question 2: >> If I "fetch" the public key from a keyserver, on a computer with an >> empty gpg installation, and import it, >> does that store the public key on the card or is pubring.gpg created and >> populated? > That just stores the fetched key in your pubring. The card is not modified. > > David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users