Using the card with your main key (not recommended)
gerloff <gerloff AT fsfe DOT org> - Wednesday 14 September 2005
Please Note It is not recommended to use the card with your main key. Please use the card with subkeys
This Howto gives very basic instructions for generating a GnuPG key and setting up your computer for use with the Fellowship card.
You can use your card for several purposes. Since most people will want to use it for mail signing and encryption, this is what we're going to talk about here. This document tries to guide you through the process of setting up your Cryptocard and getting it to do what you want it to do in a not-too-technical fashion.
For a start, we will only consider the situation where you generate a new GnuPG key to put onto your Cryptocard. This is the case for people who are using GnuPG for the first time.
Please Note This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the full-length Fellowship crypto card Howto. If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos.
- What do you need to use the card?
- You will need something to stick your card into: A smartcard reader. There are several on the market. Pick the one that best suits your needs. (Advice: The SCR 335 is small and portable, but crashes very frequently unless connected via an USB hub. And its firmware cannot be upgraded.)
- Since you are going to install programs, you will need root privileges on your computer.
- You will also need an installation of GnuPG 1.4.2 or higher on your computer. Debian and Ubuntu GNU/Linux users can get this on the command line via $apt-get install gnupg. All others please refer to the GnuPG download section for information and download links. Generating a key for your card
First set up your card reader by following our card reader howto (hotplug). For newer systems, please follow the card reader howto (udev)
To modify the contents of your card, use the following command:
$ gpg --card-edit
GnuPG will start again, this time giving you its own command line and awaiting your orders. You can now start to generate your own GPG key and copy it onto the card. First, enter the GnuPG's administrator mode:
Then, tell GnuPG to generate a key for you:
You will be asked if you would like to make an off-card copy of the encryption key. It is useful to say yes here.
Choose if your key should expire after a certain time. Now you are asked for your real name, your email address and a comment (you don't have to enter a comment). Then confirm your information with "o". When you are asked for a passphrase, leave it blank.
Now you should be able to use your Smartcard the usual way one would use GnuPG, but instead of typing in a passphrase you have to enter the PIN. Have a lot of fun with your Fellowship card!