On 28/06/2016 04:16, NIIBE Yutaka wrote:
> I think that it is opposite way what we should make it possible. Let
> a government accept signature which is generated by our own
> smartcard/token with free software. Or let a governor certify our own
> public key, where the private key is in our own smartcard/token.

That would be great, but I think it's an orthogonal issue. When you get to use a smartcard, you are already giving up a lot of control on your key, trusting something you can't control and hoping certifiers did their work correctly and the units being sold are completely like the tested ones.

The support for generic cards could be useful for other reasons. Say I have a smartcard that could host 15 keys. I'd like to use one for web auth, another for NFC auth, another for signing documents, another as my primary GPG identity (certification), one for GPG auth, one for GPG signing and the others for GPG decryption (just not to lose access to older mails). Currently it's not possible, unless I use quite a lot of different cards.

IMO the "ideal" solution would be a FIDO-like system, where keys are kept, encrypted, on disk and uploaded as "blobs" to the card that decrypts 'em and only then become useable. That would remove the limit on the number of keys that could be kept on a card. But it's not feasible with Java cards, I think (at least I couldn't make it work w/o writing to the flash memory). That would be completely feasible with FST-01...

BYtE,
Diego
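
The wrapped-key scheme described in the message above, sketched as an added example that is not part of the original post or of any GnuPG or token firmware. It assumes the Python `cryptography` package; `SimulatedToken`, the choice of AES-GCM for wrapping and Ed25519 for signing, and the purpose labels are all assumptions made for illustration.

```python
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import serialization as ser
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class SimulatedToken:
    """Software stand-in for the card: only the wrapping key lives 'on the card'."""

    def __init__(self):
        self._wrap = AESGCM(AESGCM.generate_key(bit_length=256))  # never exported

    def new_key(self, purpose):
        """Generate a key on the token; return (blob for the host's disk, public key)."""
        priv = Ed25519PrivateKey.generate()
        raw = priv.private_bytes(ser.Encoding.Raw, ser.PrivateFormat.Raw,
                                 ser.NoEncryption())
        nonce = os.urandom(12)
        # The purpose is bound as associated data: a blob unwraps only for its own purpose.
        blob = nonce + self._wrap.encrypt(nonce, raw, purpose.encode())
        pub = priv.public_key().public_bytes(ser.Encoding.Raw, ser.PublicFormat.Raw)
        return blob, pub

    def sign(self, blob, purpose, message):
        """Unwrap the uploaded blob in RAM, sign, and keep nothing afterwards."""
        try:
            raw = self._wrap.decrypt(blob[:12], blob[12:], purpose.encode())
        except InvalidTag:
            raise PermissionError("blob rejected: tampered, wrong purpose or wrong token") from None
        return Ed25519PrivateKey.from_private_bytes(raw).sign(message)


def verify(pub, sig, message):
    try:
        Ed25519PublicKey.from_public_bytes(pub).verify(sig, message)
        return True
    except InvalidSignature:
        return False


def demo():
    token = SimulatedToken()
    # More keys than a 15-slot card could hold; the host stores only opaque blobs.
    store = {f"purpose-{i}": token.new_key(f"purpose-{i}") for i in range(40)}
    blob, _pub = store["purpose-7"]
    sig = token.sign(blob, "purpose-7", b"constructed test message")
    return token, store, sig
```

The token keeps no per-key state, so the number of keys is bounded by host storage rather than card slots; a blob is useless on any other token or under any other purpose label.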