On 15/08/14 09:57, NdK wrote:
> Currently you have to generate your encryption key on the PC and copy it
> to the card. So you have a copy to reuse.

I don't think you *have* to, but it is certainly something I'd recommend. If the only existing copy is on one smartcard[1], and that smartcard breaks... for signature keys, not a problem at all. For primary keys pretty inconvenient. For encryption keys... data loss of all your encrypted data: huge.

But you choose a smartcard for the properties that make it different than an on-disk key. If you then start keeping all your previous, expired encryption subkeys as on-disk keys, you defeat the purpose to a large extent.

So if you had a smartcard with a lot of storage, you could copy the key material of your old keys, taken from your secure backup, to the card and keep on using a card to work with the keys.

Hope that clarifies it,

Peter.

[1] Additionally, for on-card generated keys, the built-in hardware random number generator is used as the only source of randomness. I've understood that the quality of that RNG isn't up to par with GnuPG on a PC.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>