gpg4win with Cryptoflex smartcards

I have been using “Cryptoflex 32K e-gate” Smartcards with PGP (Symantec Encryption Desktop) for years. I generated the keys in OpenSSL and transferred them to the smartcard via OpenSC.

Now I would like to change to gpg4win, but there are the following open questions:

  • Is it possible to read Cryptoflex 32K e-gate smartcards with gpg4win (or with gnupg respectively)? The smartcards are already completely set up and gpg4win would only need to access the keys on the card. gpg4win would not need to manage the keys on the card at all. This was possible with PGP (Symantec) as long as it was given a pkcs11-library (opensc-pkcs11.dll) to access the card. I tried this with Kleopatra but did not succeed. I am using a SPR532 card reader.

  • If I would need to buy new cards (e.g. OpenPGP v3.3 smartcards), could I import my already existing keys (in PEM format) to the smartcard and to gpg4win? I need to maintain my existing keys.

Any help is highly appreciated
Alex

Hi,

I am not 100% sure if GpgSM (the S/MIME part of GnuPG) can’t handle them. I am sure though that Kleopatra does not support it in the Smartcard Management view.

You could try it out by inserting the card and on the command line use:
gpgsm --learn-card

The OpenPGP part of GnuPG (gpg) will not be able to handle it.

In general, S/MIME certificates like you have and OpenPGP are incompatible. While in theory the underlying key material could be reused, in practice it does not make much sense and is not supported by GnuPG directly. Yes, it would make sense in the case of smartcards, but the S/MIME and OpenPGP card specs differ.

If you switch from S/MIME to OpenPGP you will have to publish / provide new public keys anyway.

So my suggestion would be to get an OpenPGP card, do OpenPGP with GnuPG and that card and maybe keep your old S/MIME card around and do S/MIME with that.

Best Regards,
Andre

Hi Andre,

Thank you for the rapid response. Unfortunately, “gpgsm --learn-card” does not recognize the card either.

So it seems I will have to get an OpenPGP-Card and create new keys.

Have a nice day
Alex