On 20/02/2015 16:07, Ville Määttä wrote:

>>>> 5 - possibility to export private keys to user-certified devices
>>>> That pretty much defeats the point of using a smart card in the first 
>>>> place.
>> That's not "uncontrolled export", and in fact…
>> …(snip)…
>> while importing a key (so that you "can't" alter -actually
>> it's just "really hard", but doing that should invalidate signatures on
>> your master key!- the policy by exporting from a device and importing on
>> another).
> Therein lies the problem. It's really hard -> it's doable.
Yes, by someone who controls the trusted export key. On the other hand,
the current method of generating on a "secure" system and moving to the
card makes it easy to lose control of the key.

> What is the use case that absolutely needs exportable master keys?
Safe key recovery in case sc gets damaged. With the current system you
have to always generate new keys on the "secure system" and store the
backup in a safe place that is *not* a smartcard.

BYtE,
 Diego.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
