Hello Peter!

Peter Lebbing <pe...@digitalbrains.com> wrote:

> AFAIK, if you create a smartcard key with backup file, this is pretty much
> equivalent: the key is created off-card by GnuPG, and uploaded to the card.
> Only when you choose the option to create a smartcard key without backup
> file will it get generated on card. I concluded this from reading the
> OpenPGP Card spec: I don't see a possibility to generate an on-card key and
> have the secret key material for the backup file, so the only possibility I
> see is that the key is generated by GnuPG and then uploaded to the card.

    In my opinion, a key-to-card key should *never* have an existing backup.
    The purpose of cards is "one man"/"one card", as the card is supposed to
identify the man for all purposes. If a backup exists somewhere, that means
that *another card* could be emitted, and *another man* than you is walking
somewhere and acting exactly as if he were you...
    This is a very high risk.

-- 
Laurent Jumet
      KeyID: 0xCFAF704C

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users