On 15/08/2014 02:18, Peter Lebbing wrote:

> The problem is expiring an encryption-capable subkey on an OpenPGP
> smartcard, replacing it with a new one.
> Currently, the OpenPGP smartcard only allows a single
> en-/decryption-capable key.

That's exactly why I started the MyPGPid project. Too bad I've had no time to develop it further :( Hope I'll be able to return to it soon... Unless another (paid) project steps in...

> Suppose after some time I decide an old key has seen its useful
> lifetime. I'd like to create a new encryption-capable key. However, I
> definitely need to keep the old key, or I won't be able to see anything
> encrypted to me in the past.

Currently you have to generate your encryption key on the PC and copy it to the card. So you have a copy to reuse. Or just use multiple cards <BEG>

> The current OpenPGP smart card restricts me to a single key for
> encryption, a single key for signatures, and a single key for
> authentication. If it were possible to tell the card, on uploading the
> key, what that key's usage will be, I would be able to have a separate
> smartcard that decrypted the 3 OpenPGP subkeys I used for encryption
> previously. This instead of being forced to use 3 separate smartcards. I
> get the impression this is a relatively small change to the firmware of
> the smartcard, but a larger change to the software running on the PC.

On a 144K javacard, IIRC, I've been able to store 13 RSA-2048 encryption keys. Plus master, signature and two auth keys (one reserved for contactless auth).

BYtE,
 Diego