On Tue, 30 Aug 2011 17:54, rich...@r-selected.de said: > a) I've bought two OpenPGP smartcards (v2). Their overprint says they > support "RSA with up to 3072 bit". In the GnuPG 2.0.18 release notes > one change was to "Allow generation of card keys up to 4096 bit". Does > that apply to the OpenPGP v2 card?
Yes. > b) As far as I know, the cards can only store subkeys, i.e. no primary > key. That way, only decryption, singing and authenticaion will be > possible. If I want to sign other keys, will I have to keep the > primary key somewhere safe off-card? The default is to create a complete new key. > c) For convenience, I bought two cards which are supposed to store the > same keys. I want to carry one card around with me every day for You need to create the keys off-card and then export them to the card. "keytocard" in the --edit-key menu is what you want. > problem is that the keytocard command can only be issued once, since > it deletes the key from the computer. To copy the keys to both cards, Don't run "save" after "keytocard" and the key should stay on the disk. > keytocard, restore the backup, insert card #2, issue keytocard again. > Will that cause any problems in later GnuPG use as the cards' IDs are Possible. It will be easy to disable the check or - if the second card is used as a backup - to generate a new key -stub with the new serial number. It is not cryptographically locked. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users