On 06/02/18 06:47, Matthias Apitz wrote:
> Is there any way to export the secret keys from the OpenPGP card to use
> them directly (with a passphrase) and without the OpenPGP card?

You need to do it the other way around: you need to create on-disk keys
and export them to a card. It is explicitly not possible to get a secret
key /from/ an OpenPGP card.

If you chose to have a backup of your encryption key while generating
card keys, this is what actually happens for the encryption key, but in
a streamlined process. The backup file that is created in that way can
be used to populate a new OpenPGP card once your current one breaks, but
only for the encryption subkey. It contains the actual private key material.

I think it will generate signature and authentication keys on the card;
I don't use this mode because I have more trust in GnuPG's random number
generator than any RNG on a smartcard. So I always just create an
on-disk key, back that up, and subsequently move the keys to the card.
Obviously you need to think about data left on disk after removal of
files; I'm just giving a quick outline. Hint: I don't have a hard disk
plugged into the system I'm using to do this.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
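
Added example, not part of the original message or of GnuPG: a check that after moving on-disk keys to a card, the secret keyring holds only card stubs. It assumes GnuPG 2.1 or later, where field 15 of the sec/ssb records in colon listings is "+" for a secret key on disk, "#" for a stub without secret material, and the token serial number for a key on a card. The key IDs and card serial in the sample listings are constructed.

```shell
#!/bin/sh
# Constructed colon listings: right after on-disk generation, and after keytocard.
SAMPLE_BEFORE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1517900000:::u:::scESC:::+:::23::0:
uid:u::::1517900000::0000::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1517900000::::::e:::+:::23:'
SAMPLE_AFTER='sec:u:4096:1:AAAAAAAAAAAAAAAA:1517900000:::u:::scESC:::D2760001240102010006000000010000:::23::0:
uid:u::::1517900000::0000::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1517900000::::::e:::D2760001240102010006000000010000:::23:'

# Read colon-format secret key listing on stdin; print "<keyid> <location> <caps>"
# for every primary key (sec) and subkey (ssb). Other record types are skipped.
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = "unknown"                        # field 15 empty: cannot tell
            if ($15 == "+")       loc = "disk"     # secret material in the keyring
            else if ($15 == "#")  loc = "stub"     # stub, secret part not available
            else if ($15 != "")   loc = "card:" $15  # lives on the token with this S/N
            print $5, loc, $12
        }'
}

# Print the key IDs whose secret material is still on disk (no output: none left).
on_disk_keys() {
    classify_secret_keys | awk '$2 == "disk" { print $1 }'
}

# Against a real keyring:
#   gpg --with-colons --list-secret-keys | on_disk_keys
for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    printf '%s\n' "$sample" | classify_secret_keys
    echo "--"
done
```

This only inspects the keyring; the backup file and any remnants of deleted files on the storage medium are outside what it can see.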

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
