Page MenuHome GnuPG

[SUGGESTION] Implement a function to re-generate public keys and(!) "stubs" from private keys stored on smartcard only
Open, WishlistPublic


User story and problem:

As a Smart Card user, your private keys is stored on your smart card, and the
secret keyring on your main computer has only a so-called "stub" (pointer) to
your secret key in it. When you decided not to store the public key [sic]
elsewhere, for example, when you have forgotten to store that when you generated
your private key, you cannot recreate the public key from the secret key on your

"Generating smart-card stubs on a clean computer?" [1] explains that you need
the public key plus a run of --card-status to generate the stubs.


current gnupg does not have a function to re-calculate the "stub" and the
"public key" from a secret key on your card.


A manual, but quite difficult, solution was proposed in [2].


Event Timeline

This shows up elsewhere too:


For some inexplicable reason, GnuPG cannot extract the public key from a
smartcard except during generation. That means that to use the key from
another computer, you either have to copy the public key from the original
computer's GnuPG keyring, or you need to set the URL attribute to a file
which contains the PGP public key block. Otherwise, the token is effectively
locked to a single computer, and unuseable if you happen to trash your
keyring unless you regenerate a key.

It would be nice to streamline this case.