On Friday, 26 February 2016, 15:18:55 CET, Werner Koch wrote:

Hi,

> In any case you need to load the keys onto the card and don't have the
> card create the key. Smartcards may break and then you would not be
> able to decrypt anything if you don't have an offline backup of the key.

Please allow me to mention that many smartcards disallow cleartext export of keys generated on the card while also not allowing the import of cleartext private keys.

But this is not a backup issue, as most cards also allow for n-of-m threshold schemes and DKEK/key-wrapping, e.g.

http://www.smartcard-hsm.com/2014/09/25/Desaster_Recovery_for_your_SmartCard-HSM.html

IMHO there are additional legit use cases where having multiple private keys for decryption would be more than useful.

Today I circumvent the limit by using multiple OpenPGP Cards and multiple GNUPGHOME directories, each configured for a different USB device (scdaemon.conf).

While IMHO PKCS#11 is ugly, it really is a tool to gain interoperability while cleaning up a lot of mess (many people are confused by the current situation) and to make encryption available to the masses.

Kind Regards
--martin konold

--
Dipl.-Physiker Martin Konold
e r f r a k o n
Partnerschaftsgesellschaft
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Register court: Amtsgericht Stuttgart PR 126
Registered office: Adolfstraße 23, 70469 Stuttgart
phone: 0711 67400963
fax: 0711 67400959
email: martin.kon...@erfrakon.de
http://www.erfrakon.com
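The workaround mentioned in the message above (one GNUPGHOME per card, each with its own scdaemon.conf), sketched as an added example that is not part of the original message. The function names, directory names and reader string are constructed for illustration; `reader-port` is scdaemon's option for selecting a reader, and the exact string for a given device has to be taken from scdaemon's own reader list.

```shell
#!/bin/sh
# Added example: one GnuPG home directory per smartcard reader.
set -eu

# make_card_home DIR READER
# Create a private GNUPGHOME whose scdaemon.conf pins one reader.
make_card_home() {
    mch_home=$1
    mch_reader=$2
    [ -n "$mch_reader" ] || { echo "empty reader name" >&2; return 1; }
    # Refuse multi-line values so a reader name cannot smuggle in
    # additional scdaemon options.
    case $mch_reader in
        *"
"*) echo "reader name must be a single line" >&2; return 1 ;;
    esac
    mkdir -p "$mch_home"
    # GnuPG warns about home directories readable by other users.
    chmod 700 "$mch_home"
    printf 'reader-port %s\n' "$mch_reader" > "$mch_home/scdaemon.conf"
    chmod 600 "$mch_home/scdaemon.conf"
}

# reader_for DIR
# Print the reader that DIR's scdaemon.conf is pinned to.
reader_for() {
    sed -n 's/^reader-port[[:space:]]\{1,\}//p' "$1/scdaemon.conf"
}

# with_card DIR COMMAND [ARGS...]
# Run COMMAND against the card bound to DIR, leaving the caller's
# own GNUPGHOME untouched.
with_card() {
    wc_home=$1
    shift
    GNUPGHOME=$wc_home "$@"
}

# Usage (constructed names; needs gpg and an attached reader):
#   make_card_home "$HOME/.gnupg-card-a" "Constructed Reader 00 00"
#   with_card "$HOME/.gnupg-card-a" gpg --card-status
```

Each home directory gets its own keyring and its own agent and scdaemon instances, so public keys and trust settings have to be imported into every one of them separately.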