Grant Olson <k...@grant-olson.net> writes: > On 03/22/2011 05:22 PM, Jerome Baum wrote: >> >> Are you talking about the option of moving a key to a smart card? >> Because if I generate it on-card, I won't have the option of >> RSA-4096. And will "average Joe" really move his key to a smart card if >> he generated it off card? And does that actually make any sense >> considering it wasn't originally generated on-card? >> > > Plenty of people move existing keys to smart cards. Generating a key > on-board is more secure, but then you're left dealing with two keys. > The old software one, and the new smart card one. And if you've still > got an old software key to deal with, then what's the benefit of a smart > card anyway? And the new key doesn't have any of your existing signatures.
So, I move my key to a smart card to gain the illusion that it's more secure, while it practically isn't (at least not much more). Personally, I'd generate one on-card and sign it with my off-card key. Then collect new signatures on the on-card key. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
pgpRZNnkmKEqG.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
