On 11.01.2010, at 17:28, Eric wrote: > > Why don't you want to generate the keys on the card? Under normal > > circumstances that's the thing smart cards are for. > > I've got limited experience with PKI policies, but what about key escrow? Or > the poor man's version, creating a backup copy of a smart card on another > smart card, kept in a firesafe? I don't believe that this goes under a "normal beginner usage scenario".
> Of course, if your card is damaged, lost or stolen, your certification should > be revoked by the CA and reissued with a new certification. But you still > need the old key to decrypt old data to re-encrypt with the new key, right? Correct. -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
