On-card key generation.
Creating an OpenPGP keypair directly on a hardware security key — a YubiKey, a Token2 — so the private key is born on the card and never touches the computer or phone. Sometimes called "born on card."
On-card key generation is when the random keypair is computed by the smartcard's own secure element rather than by the host. The private key material is created inside the card and is never exportable — only the public key and the results of on-card operations (signatures, decrypted session keys) leave the device.
What it is.
A hardware OpenPGP key can hold a private key in two ways. You can generate a key elsewhere and import it onto the card, or you can ask the card to generate the key itself. The second path is on-card generation: the secure element produces the random key internally and stores it where it can never be read back out.
The difference matters for the threat model. An imported key existed, however briefly, as bytes on a computer or phone — somewhere it could in principle have been copied. A key born on the card has no such window: there is no off-card copy, ever, because the private half is never emitted.
Why it matters.
Non-extractability is the strongest version of the hardware-key promise. For a high-value identity — a maintainer's release key, a journalist's source key — "the private key has never left this token, not even at creation" is a meaningfully stronger statement than "the private key lives on this token now." A seized or compromised host has nothing to surrender.
The cost is symmetrical: a born-on-card key cannot be backed up. If the card fails, is lost, or is reset, the key is gone and so is anything encrypted only to it. Choose on-card generation when you specifically want non-extractability; choose on-device generation with an encrypted backup when recoverability matters more.
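A practical check that follows from the two sections above is whether the private half of a key exists anywhere other than the card. GnuPG's `gpg --card-edit` / `generate` flow asks "Make off-card backup of encryption key?"; answering no keeps all three keys born on card, answering yes has the host generate the encryption key and write a backup file before loading it onto the card. After the fact, `gpg -K --with-colons` tells you where each secret key currently lives: field 15 of a `sec`/`ssb` record holds the serial number of the token that stores it, `#` for a stub with no secret key anywhere, and is empty (or `+` with `--with-secret`) when the private key sits in the local keyring. The script below is an added example, not PGPony's or GnuPG's own code; the key IDs, fingerprint, card serial and the entire listing it parses are constructed sample data. Note the caveat: the listing shows where the private key is held now, not whether it was born on the card, so it can only rule out an off-card copy in this keyring, not one made at creation time.

```python
"""Report where GnuPG secret keys live: on a smartcard, in the local keyring, or nowhere.

Added example. Parses `gpg -K --with-colons` output (format documented in
gnupg/doc/DETAILS). Field 15 of sec/ssb records: token serial number, '#' for a
bare stub, empty or '+' when the private key is available locally.
"""
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample listing: signing primary + signing subkey on a card,
# encryption subkey held locally (an off-card copy), authentication subkey a
# stub whose card is not present. Key IDs and serial are invented.
SAMPLE_LISTING = """\
sec:u:255:22:1111222233334444:1700000000:::u:::scESC:::D2760001240100000006012345670000::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF11112222:
uid:u::::1700000000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Alice Example <alice@example.org>::::::::::0:
ssb:u:255:22:5555666677778888:1700000000::::::s:::D2760001240100000006012345670000::ed25519::
ssb:u:255:18:9999aaaabbbbcccc:1700000000::::::e:::::cv25519::
ssb:u:255:22:ddddeeeeffff0000:1700000000::::::a:::#::ed25519::
"""


@dataclass
class SecretKeyInfo:
    record: str            # 'sec' (primary) or 'ssb' (subkey)
    keyid: str
    capabilities: str      # e.g. 's', 'e', 'a', 'scESC'
    location: str          # 'card', 'local' or 'missing'
    serial: Optional[str]  # token serial when location == 'card'


def classify_secret_keys(colon_output: str) -> List[SecretKeyInfo]:
    """Classify every sec/ssb record in a --with-colons listing."""
    infos: List[SecretKeyInfo] = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        # DETAILS numbers fields from 1; field 15 is index 14, field 12 is index 11.
        token = fields[14] if len(fields) > 14 else ""
        if token == "#":
            location, serial = "missing", None
        elif token in ("", "+"):
            location, serial = "local", None
        else:
            location, serial = "card", token
        infos.append(SecretKeyInfo(fields[0], fields[4], fields[11], location, serial))
    return infos


def card_only_keyids(infos: List[SecretKeyInfo]) -> List[str]:
    """Key IDs whose private half is held by a token (only a stub is on disk)."""
    return [i.keyid for i in infos if i.location == "card"]


def local_copy_keyids(infos: List[SecretKeyInfo]) -> List[str]:
    """Key IDs with a private key in the local keyring: an off-card copy exists."""
    return [i.keyid for i in infos if i.location == "local"]


def all_secrets_on_card(infos: List[SecretKeyInfo]) -> bool:
    """True only if no private key in the listing is held outside a token."""
    return bool(infos) and all(i.location == "card" for i in infos)


def list_secret_keys() -> str:
    """Run GnuPG for a real listing (requires gpg on PATH; not used by the sample)."""
    return subprocess.run(
        ["gpg", "--batch", "-K", "--with-colons"],
        check=True, capture_output=True, text=True,
    ).stdout


if __name__ == "__main__":
    for info in classify_secret_keys(SAMPLE_LISTING):
        where = f"card {info.serial}" if info.serial else info.location
        print(f"{info.record} {info.keyid} [{info.capabilities}] -> {where}")
```

Swap `SAMPLE_LISTING` for `list_secret_keys()` to audit a real keyring; any key ID reported by `local_copy_keyids` has a private copy on the host and therefore is not born on card regardless of how it got there.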