Hello, for security reasons, I have decided to migrate my most important subkeys to smartcards. I have a number of questions regarding the transfer/migration.
a) I've bought two OpenPGP smartcards (v2). Their overprint says they support "RSA with up to 3072 bit". In the GnuPG 2.0.18 release notes one change was to "Allow generation of card keys up to 4096 bit". Does that apply to the OpenPGP v2 card? b) As far as I know, the cards can only store subkeys, i.e. no primary key. That way, only decryption, singing and authenticaion will be possible. If I want to sign other keys, will I have to keep the primary key somewhere safe off-card? c) For convenience, I bought two cards which are supposed to store the same keys. I want to carry one card around with me every day for mobile use (I also bought an SCR3500 reader for that purpose) and leave the other one at home in the card reader on my desk. Now the problem is that the keytocard command can only be issued once, since it deletes the key from the computer. To copy the keys to both cards, I would have to backup my secret keys, insert card #1, issue keytocard, restore the backup, insert card #2, issue keytocard again. Will that cause any problems in later GnuPG use as the cards' IDs are different? Thanks! Richard _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users