On 06/02/16 19:40, Sam Pablo Kuper wrote: >> In [this] scenario one would be able to revoke the subkeys and >> generate new, without using an off-card copy of the master key > > I believe that is correct. [...]
You should just be able to use your smartcard to do all operations with the master key on it, including generating and revoking subkeys. There is one little snag: with GnuPG before 2.1, it's rather difficult to spread one certificate over multiple smartcards. Once it sees one of the two, it will mark the other keys as "not available" and never update it when it subsequently sees the other smartcard. You need OpenPGP packet surgery to transplant the correct data. GnuPG 2.1 does the right thing, I believe. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
