GnuPG stub keys
"Stub" keys are references telling to GnuPG that it can find given private keys on ?smart cards (including "dongles").
The following options exist to create a stub key exist:
Initially when one moves a key to a smartcard GnuPG will delete the private keys on the computer after the key has been transferred to the card. Select keys to transfer with gpg --edit-key $keyid, then, keytocard. Please read the docs before doing this!
When a card is plugged in one can also fetch the public key associated with it from the keyserver. (gpg --card-edit, then fetch.)
Both will automatically create the stubs in the .gnupg/private-keys-v1.d/ directory associated with them.
Stubs can be seen in the output of --list-private-keys through the presence of # and > after sec and ssb:
The # indicates that the private key for that key is not available at all. This is the case with off-line master keys.
The > indicates that the private key is only a stub, meaning that it's not actually stored on the computer but that one needs the right smartcard/dongle to access it. As the stub encodes the serial number GnuPG will ask you to insert the device with that serial number when one attempts to perform any operation that requires the private key for which only a stub exists and the corresponding device is not plugged in at that time.