On 05/10/11 08:15, Faramir wrote: > Would Paperkey be useful to do that? I guess no, since it encodes > the private key somehow... but maybe tweaking it?
IMHO, if you want to have a backup that also allows you to use the key without the card, the following procedure is by far the easiest: - Create a normal RSA key (gpg --gen-key) - Back it up in a safe place, run it through paperkey, all the usual steps - From gpg --edit-key, use the keytocard command. Now you have the key on the card, and the secret key material that was in your secret keyring is replaced by a stub that points to the smartcard. So the secret key material is no longer in the keyring. AFAIK, if you create a smartcard key with backup file, this is pretty much equivalent: the key is created off-card by GnuPG, and uploaded to the card. Only when you choose the option to create a smartcard key without backup file will it get generated on card. I concluded this from reading the OpenPGP Card spec: I don't see a possibility to generate an on-card key and have the secret key material for the backup file, so the only possibility I see is that the key is generated by GnuPG and then uploaded to the card. Peter. PS: I accidentally hit the wrong "reply" button and sent this mail only to Faramir. So this is a copy to the list. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users