Extracting private key from a smartcard

Dennis

02 Sep, 2017 10:14 AM

Hi there,

I just moved my primary key and its subkeys to a smartcard. Command-line GPG clearly shows (adds '>' after 'sec' and 'ssb' in the list of secret keys) that all of the keys are now on the card. However, using both the command line and the GPG Keychain GUI I can still export both public AND private keys, when the card is present AND when the card is removed. Evidently, I still have the secret keys on the keyring on my machine. Am I doing something wrong? I am running GnuPG/MacGPG2 2.0.30 on macOS 10.12.6.

Thank you for any feedback!

  1. Support Staff 1 Posted by Mento on 11 Sep, 2017 09:29 AM

    Hi Dennis,

    It looks like you have copied the keys to the smart card, but not deleted them from your local machine.
    To solve this:
    1. Make a backup of your .gnupg folder.
    2. Delete your secret key using GPG Keychain. (Do NOT delete the public key!)
    3. Plug in your smart card.
    4. On the command-line run gpg --card-status.

    Now everything should be working as expected.

    Regards, Mento

  2. 2 Posted by Dennis on 11 Sep, 2017 01:43 PM

    Hi Mento,

    Thank you for the walk-through. In fact, I did just that: deleted the entire key through the GPG Keychain (including the public key, to be on the safe side), then re-imported the public key only, and finally paired the imported public key with the card-based private key via "gpg --card-status". At which point I was again able to export the entire key (public + private keys) through GPG Keychain. Clearly the private key remains somewhere on the chain (even though not visible through the GUI). Will try deleting the private key only and will report back.

    Best,

    Dennis
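
A check for the situation discussed in this thread, added here as an example and not part of the original posts or of the GPG Tools code: `gpg --list-packets` marks a secret-key packet whose key lives on a card as `gnu-divert-to-card S2K`, so classifying the packets of an export shows whether it carries real key material or only card stubs. The function names and the sample listing are constructed for illustration; `KEYID` is a placeholder.

```shell
#!/bin/sh
# Read `gpg --list-packets` text on stdin and print one line per secret-key
# packet: "sec|ssb: card-stub|dummy-stub|KEY-MATERIAL".
classify_secret_packets() {
  awk '
    function emit() { if (kind != "") print kind ": " state }
    /^:/ {                          # each packet starts with a ":" header line
      emit(); kind = ""
      if ($0 ~ /^:secret (sub )?key packet:/) {
        kind = ($0 ~ /sub/) ? "ssb" : "sec"
        state = "KEY-MATERIAL"      # default until a stub marker is seen
      }
      next
    }
    kind != "" && /gnu-divert-to-card S2K/ { state = "card-stub" }
    kind != "" && /gnu-dummy S2K/          { state = "dummy-stub" }
    END { emit() }
  '
}

# Exit status 0 if at least one secret-key packet is not a stub.
export_has_key_material() {
  classify_secret_packets | grep -q 'KEY-MATERIAL'
}

# Constructed, abbreviated listing: primary key on a card, subkey still on disk.
sample_listing() {
  printf '%s\n' \
    ':secret key packet:' \
    '    version 4, algo 1, created 0, expires 0' \
    '    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0' \
    ':user ID packet: "Example User <user@example.org>"' \
    ':secret sub key packet:' \
    '    version 4, algo 1, created 0, expires 0' \
    '    iter+salt S2K, algo: 7, SHA1 protection, hash: 2'
}

# Against a real keyring (with and without the card inserted):
#   gpg --export-secret-keys KEYID | gpg --list-packets | classify_secret_packets
sample_listing | classify_secret_packets
```

A packet with no S2K line at all is an unprotected secret key, which is why `KEY-MATERIAL` is the default rather than something that has to be matched.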
