Thank you very much. Now things are perfectly clear. Regards, /Astrakan
On 2011-03-31 21:23, David Tomaschik wrote: > On Thu, Mar 31, 2011 at 3:06 PM, Astrakan <[email protected]> wrote: >> Thank you for your quick response. >> >> A couple of follow-up questions: >> Im noticing that in an "empty" gpg-installation, when I run the >> --card-edit command, gpg creates the >> keyring files (0 bytes in size) in the homedir. When I then run the >> generate command to create keys on the >> card the keyring-files grow to a couple of bytes in size (secring >> containing stubs that point to the card, right?) and >> pubring.gpg containing the public key (since I can encrypt only when the >> card is not inserted). >> >> So even if I generate the keys directly on the smartcard, using >> --card-edit and generate commands, do >> the actual public key key mass populate the smart card? > When you --card-edit and generate, the card generates the key > internally and stores the (private) key on the card. secring contains > the stubs and pubring contains your public key data, trust data, etc. > >> Follow-up question 2: >> If I "fetch" the public key from a keyserver, on a computer with an >> empty gpg installation, and import it, >> does that store the public key on the card or is pubring.gpg created and >> populated? >> >> /Astrakan > Even doing gpg --card-status generates keyrings, as that imports the > private key stubs. Fetching downloads the key to the pubring file. > > The public key is NEVER stored on the card -- as Werner points out, > the storage space on a smart card is orders of magnitude smaller than > many user's public keys. > > > _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
