Hi, is it possible to somehow combine gpg's private key password protection (gpg --edit-key; passwd) and smartcards?
Or in other words, is it possible to store already encrypted (password protected) gpg private keys on a smartcard? So the smartcard never gets to see the plain key?

I've learned the hard way (by buying the equipment, even with an external PIN pad) that when "keytocard" has been used, only the PIN has to be entered. No password. Unfortunately.

The smartcard has been bought by me to improve security. Not to substitute one security mechanism with another. I believe gpg's software encryption is more trustworthy than a card I got by snail mail. I haven't heard that any cards have been compromised yet, but how do I know if I really received an original (untampered) card in the first place?

In my opinion both attempts at security, password protection and smartcards, are worthwhile. When using smartcards I am trusting hardware, a small group of card designers, producers, post office... And when using gpg's software key encryption, I am trusting the software producers and the programmers actually looking at the code.

The idea was to take my chances. If smartcards work, that's great. The key can be abused when a malware infection has happened, but at least the key cannot be extracted. On the other hand, if I lose my smartcard and smartcards don't do what they promise (i.e. someone ever comes up with some exploit to extract the key), I fall back to gpg's software key encryption.

I am ignorant about the technical details. Maybe there is a technical reason why it's not worthwhile to combine these things? Or are smartcards just too limited at this stage of development to support that?

Cheers,
adrelanos