[SUGGESTION] Implement a function to re-generate public keys and(!) "stubs" from private keys stored on smartcard only
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	syryos
	Oct 3 2014, 9:07 PM

Description

User story and problem:

As a Smart Card user, your private keys is stored on your smart card, and the
secret keyring on your main computer has only a so-called "stub" (pointer) to
your secret key in it. When you decided not to store the public key [sic]
elsewhere, for example, when you have forgotten to store that when you generated
your private key, you cannot recreate the public key from the secret key on your
card.

"Generating smart-card stubs on a clean computer?" [1] explains that you need
the public key plus a run of --card-status to generate the stubs.

Problem:

current gnupg does not have a function to re-calculate the "stub" and the
"public key" from a secret key on your card.

Remark:

A manual, but quite difficult, solution was proposed in [2].

[1] http://lists.gnupg.org/pipermail/gnupg-users/2010-September/039488.html
[2] http://lists.gnupg.org/pipermail/gnupg-users/2014-October/051051.html

Related Objects
Search...

Status	Assigned	Task
Resolved	• gniibe	T1734 [SUGGESTION] Implement a function to re-generate public keys and(!) "stubs" from private keys stored on smartcard only
Open	None	T2349 Composing a private key from raw key material
Resolved	• gniibe	T3478 Subkey-Grip support for unattended key generation

Event Timeline

syryos added projects: Feature Request, gnupg.Oct 3 2014, 9:07 PM

syryos added a subscriber: syryos.

This shows up elsewhere too:

http://forum.yubico.com/viewtopic.php?f=26&t=1171

says:

For some inexplicable reason, GnuPG cannot extract the public key from a
smartcard except during generation. That means that to use the key from
another computer, you either have to copy the public key from the original
computer's GnuPG keyring, or you need to set the URL attribute to a file
which contains the PGP public key block. Otherwise, the token is effectively
locked to a single computer, and unuseable if you happen to trash your
keyring unless you regenerate a key.

It would be nice to streamline this case.

• gniibe claimed this task.Apr 3 2015, 6:09 AM

• gniibe added a subscriber: • gniibe.

marcus added a subtask: T2349: Composing a private key from raw key material.Jul 20 2017, 9:15 PM

• gniibe added a subtask: T3478: Subkey-Grip support for unattended key generation.Nov 1 2017, 12:37 AM

• werner closed subtask T3478: Subkey-Grip support for unattended key generation as Resolved.Nov 6 2017, 3:09 PM

matheusmoreira added a subscriber: matheusmoreira.May 9 2019, 10:05 PM

gpg-agent now supports READKEY --card command which creates stub file when it's not yet available on host computer.
It was implemented by rG82cbab906a3e: agent: Add --card option for READKEY.

Further, gpg frontend now support --quick-gen-key with card option, which can be used to create OpenPGP key from card key.
It was implemented by rGd3f5d8544fdb: gpg: Extend --quick-gen-key for creating keys from a card..

So, closing this task.

[SUGGESTION] Implement a function to re-generate public keys and(!) "stubs" from private keys stored on smartcard onlyClosed, ResolvedPublicActions