How to get public key on computer after generate command on the card?


Please let me know, how to generate RSA 4096 keys on the card without exporting or revealing their private parts to the host and after that get corresponding public keys present in the software keyring of the GPG?

I am using Debian stable.

Created the keys using generate command INSIDE the card using gpg --card-edit command, and rejected to export them when was asked.

gpg --card-status displays everything is like OK, there are three RSA4096 keys inside the card.

Now I try to find them in the software keyring and then export them for usage with SSH.

All suggestions which I was able to find offer to import public keys from somewhere except the card itself, e.g. from key server, from local disk asc file, etc. But I did NOT export any keys during generate procedure. I would like private parts of the keys would NEVER leave the secure hardware of my NitrokeyPro2.

But where can I get public parts of the keys for local software keyring of the gpg? I tried to gpg --card-status, but it did not help to populate my software keyring.

Are public parts of the keys stored on the card at all? Or the card hardware stores only private parts of the keys?

Your instruction:

suggest: “Please do not create the suggested off-card backup

This “backup” does only save the encryption key, but not the signature and authentication keys. In case of a loss of the device, you will not be able to restore the whole key set. So on the one hand it is no full backup (use these instructions instead, if you need one) and on the other hand you risk that someone else can get in possession of your encryption key. The advantage of generating keys on-device is to make sure that keys are stored securely. Therefore, we recommend to skip this half-backup.

Also it mentions one of private keys is exported (specifically “encryption key”).

I also tried to make this so called “off-card backup”, and it resulted in what I was looking for: all keys are listed in the software keyring. Though I am not sure private parts for which keys were actually exported if any one of them at all and how to verify this? And how to delete exported private parts of the keys keeping public keys in the ring.

Also please explain what is being stored in the directory:


There is a string like shadowed private key and such files are being created even if choosing to avoid making off card backup for the keys.

Are these actual private keys the same as on the secure card hardware, or something else? I would like no private keys used for SSH authentication ever leave the Nitrokey Pro2.

Actually I am already confused with all this mess. Can NitrokeyPro2 be used just as PKCS11 provider for SSH without any GPG and private keys shall never leave the token ever.

How many PKCS11 RSA4096 keys can be created in PKCS11 mode for SSH without using any GPG related tools?

Where is an instruction for NitrokeyPro2 (generating not extractable PKCS11 private keys, then use them in ssh -I, etc.) +PKCS11+SSH ? The same way as eToken, HSM, etc. work if I understand correctly. No GPG please :slight_smile:


Lots of questions! Most of your questions pertain to the GnuPG itself.

But maybe some things can be make simpler.

Normally this directory (which is managed by gpg-agent) contains private keys, if stored on disk.
For the keys stored on the token, an information representing the key on the token (“shadowed key”) is stored there only:

Here is a random key from my directory:

Token: D27600012401030400050000C4400000 OPENPGP.2
Key: (shadowed-private-key (rsa (n #0083524BFF4E3B063C422063030DD82964F
  #010001#)(shadowed t1-v1 (#D27600012401030400050000C4400000#

As one can see, the token ID and the public key are stored there. This is where the serial number of the token comes from if gpg-agent asks you to insert the token.

Your home directory can store private key information from multiple tokens at the same time.

LEARN command of the GnuPG Agent will retrieve the keys from the token and update that database, therefore extracting the values of the public key to the disk. (I think there is some command line option to gpg2 to do this). gpg-agent and scdaemon Info documentation explain some parts of this (although not very friendly).

Once the keys are in the $HOME/.gnupg/private-keys-v1.d, gpg2 should be able to see them, just list your keys and/or private keys. It should see the private key even if the token is not inserted. You will be asked to insert the token only if you really try to use the key for signing/encryption/authentication.

This is a different story altogether. If you follow the strict GnuPG way, you should forget PKCS#11 standard and use gpg-agent for both GPG and SSH keys.

In my $HOME/.xinitrc that starts my X window session I have this:

gpgconf --kill gpg-agent
eval `/usr/local/bin/gpg-agent --daemon --enable-ssh-support`

and this gives me both GPG agent socket for GnuPG operations as well as the SSH agent socket for ssh. Both can be forwarded to other hosts if needed.

Many window environments can do something similar, some have even graphical component that is used to manage all of this).

I don’t remember the details but gpg-agent likes to have the keygrip listed in the $HOME/.gnupg/sshcontrol file if its use is allowed for SSH. How to enable SSH access using a GPG key for authentication | explains this a bit (the process it the same for the on-disk or on-token keys).

I have edited your quote above to remove any mention of PKCS#11 since this only leads to the confusion.

OpenPGP cards standard there can be three (3) keys on the card. For example, this OpenPGP Key Generation With Backup - Nitrokey Documentation explains how to import the externally generated key (not what you want) using keytocard to the OpenPGP card - you can see that you need to say “where to store the key on the card” - because the slots have pre-defined meanings for GnuPG.

If you are not happy with 3 keys only - then the Nitrokey Pro and other OpenPGP cards are not the product for you.

SSH is less picky, but I haven’t tested if you can use all the 3 keys for SSH. Maybe not. (SSH authentication is esentially a signing operation so the key should support that function).

You can use your GPG RSA key for SSH authentication, SSH does not need all this “identity” stuff, just the keygrip for $HOME/.gnupg/sshcontrol and the public key to put in the authorized_keys file.