> Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired
> outcome without difficulty, even if it might be a bit non-standard.

I have 2.1.11

> Can we first get out of the way which exact version of GnuPG you're using? If
> you're using 2.0, start with the threads linked above, and feel free to report
> back if you're unclear about something. For 2.1, if time permits, I can outline
> the steps for you. You will need to have the private key on-disk for both

Ok. So I am using 2.1 and I have read the referenced threads, and both options assume that you either generate the key off the card or maintain a copy of it. Was anybody able to do that with always generating keys on the card and not extracting them from the card as a copy either?

> rather trust GnuPG's random number generator than the one on a cheap smartcard
> (or any smartcard for that matter). So I would recommend to not use the on-card
> key generation feature anyway.

That's quite an interesting point that I have not thought about. Do you have any references to papers that I can read on this subject?

> with writable media altogether (ignoring writing DVD's for a moment; that's not
> something you accidentally leave on). Unless you don't have a DVD writer, of
> course :-).

I do not have a DVD writer anymore, but managed to buy a USB flashcard with a write protection switch. As I understand it, the protection switch there is a hardware one, so it should be a good enough replacement for DVD-Rs.

Key generation on an air-gapped machine is ok for me and I think I have enough information now to try to do that. But at the same time I find it a kind of overkill compared to key generation on the card for my use cases. E.g. I am not looking for security stronger than government-issued eID cards have, and their keys are usually generated on the card with the card's random number generator.

Anton.