Your question looks confused or contradicts itself... Well, I answer things which may help you, possibly.
First of all, there should be NO WAY to extract your GPG private key from the token, since this is the purpose of the token. As far as I know, there is NO WAY to extract it (the flash ROM is protected even against JTAG/SWD access. Besides, your GPG private key stored in the token is encrypted).
Secondly, you should have generated a revocation certificate right after key generation. Please read following documents for detail:
Thirdly, it would be better to revoke your GPG key when you lose your token and even if it is unlikely your private key is exposed.
It is your option to generate your GPG key on your PC and to import it to the token, so that you can have a backup of GPG private key.
If you chose generating your GPG key on the token and forget to generate revocation certificate, there will be no way to revoke your GPG key when you will lose the token.
Asked: 2012-10-17 20:15:31 +0900
Seen: 248 times
Last updated: Oct 17 '12