Chapter 5. Advanced Features

Table of Contents

5.1. Moving an existing key to the card
5.2. Using the card only for subkeys
5.2.1. What are Subkeys?
5.2.2. Moving a Subkey to the Card

Warning

Please make sure to make a backup of you key before experimenting with any of the following commands.

5.1. Moving an existing key to the card

Theoretically you can move any existing key to the card. It does not make a difference if you want to import a primary key or a subkey. Practically there are some restrictions. First, the card does not support DSA keys. Second, only 1024 bit RSA keys are currently supported by the card.

Use the keytocard command to move the key. gpg will do the checking for you and will also tell you if it is possible to move the key or not.

archi@foobar:~ > gpg --edit-key 4A1D3D53
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  1024R/4A1D3D53  created: 2005-03-05  expires: never       usage: CS
                     trust: ultimate      validity: ultimate
[ultimate] (1). Archibald Goodwin (2) (The Tester) <archi@foobar.example>

Command> toggle

sec  1024R/4A1D3D53  created: 2005-03-05  expires: never
(1)  Archibald Goodwin (2) (The Tester) <archi@foobar.example>

Command> keytocard
Really move the primary key? (y/N) y
Signature key ....: 5140 AA49 39A0 01D1 29A9  9042 28D4 524A 2AB4 B711
Encryption key....: E684 AB4A AD27 DEC3 986E  C90F 2AEB 898F F651 8D6B
Authentication key: AF53 357B 5E13 9D2A 4E14  AEB7 07A6 51FA 53CD 8E68

Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 3

gpg: WARNING: such a key has already been stored on the card!

Replace existing key? (y/N) y

You need a passphrase to unlock the secret key for
user: "Archibald Goodwin (2) (The Tester) <archi@foobar.example>"
1024-bit RSA key, ID 4A1D3D53, created 2005-03-05

gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN

sec  1024R/4A1D3D53  created: 2005-03-05  expires: never
                     card-no: 0001 00000049 // Indicating the key has been moved to the card.
(1)  Archibald Goodwin (2) (The Tester) <archi@foobar.example>