On 15/08/14 13:10, Andreas Schwier wrote: > I'd recommend it the other way around: Generate your keys on a smart > card and have it securely exported into your backup.
> [...] > So what is that assumption based on ? If you are using a hardware device > that is certified as Secure Signature Creation Device under the Common > Criteria scheme, then the quality of the random number generation is an > important criteria in the evaluation (see for example AIS31 under the > German CC scheme on the BSI website). Please note I was specifically talking about the OpenPGP card as it is now, not about smartcards or HSMs in general. Obviously an HSM *can* have a really great hardware RNG. But they are complex devices. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users