On Monday 11 January 2010 at 16:53 +0100, Peter Stuge wrote:
> > > Of course, if your card is damaged, lost or stolen, your
> > > certification should be revoked by the CA and reissued with a new
> > > certification. But you still need the old key to decrypt old data
> > > to re-encrypt with the new key, right?

This is why I don't intend to generate an RSA key on card.

I plan to create master, secondary and tertiary CAs:

* The primary CA is the backup, stored in a safe place.
* The secondary CA can be transferred to one or two smartcards used for daily administration.
* Then I issue tertiary CAs: one for VPN, one for login, etc.

In this situation, I may use my card to administrate tertiary CAs. If the card is lost, I can revoke the secondary CA or issue a backup card.

I thought about an alternative where I would create a primary CA on card, sign-up a secondary CA for daily administration. This would be an elegant situation without key transfer. But in this case, there is only one backup and master card. And as I am a newbie, it seems a little bit tricky to rely on a single card!

In my opinion, key transfer is more flexible.

What do you think? Any suggestion is welcome.

Kind regards,
Jean-Michel
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
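
The three-tier plan described in the message above, sketched with plain OpenSSL as an added example that is not part of the original mail. It builds the primary, secondary and one tertiary (VPN) CA, then shows what relying parties see once the primary revokes the secondary. Assumptions: OpenSSL 1.1.1 or later, unencrypted software keys in a scratch directory instead of smartcards, and made-up file and subject names.

```shell
# Added example (assumes OpenSSL 1.1.1+; software keys in a scratch dir; made-up names).
set -eu; cd "$(mktemp -d)"; : > primary.db; : > secondary.db
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[primary]
database = primary.db
[secondary]
database = secondary.db
[v3_primary]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_secondary]
basicConstraints = critical, CA:TRUE, pathlen:1
keyUsage = critical, keyCertSign, cRLSign
[v3_tertiary]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF
issue() {   # $1 = new CA, $2 = issuing CA, $3 = extension section in ca.cnf
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "/CN=Example $1 CA" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile ca.cnf -extensions "$3" -days 1825 -out "$1.crt"
}
ca() {      # $1 = CA name; remaining arguments go to "openssl ca"
  n=$1; shift
  openssl ca -config ca.cnf -name "$n" -keyfile "$n.key" -cert "$n.crt" -md sha256 "$@"
}
publish_crls() {   # each CA signs the CRL for the certificates it issued
  ca primary -gencrl -crldays 30 -out primary.crl
  ca secondary -gencrl -crldays 30 -out secondary.crl
  cat primary.crl secondary.crl > all.crl
}
revoke_secondary() { ca primary -revoke secondary.crt; publish_crls; }
vpn_chain_trusted() {   # validate the VPN CA with revocation checked at every level
  openssl verify -crl_check_all -CAfile primary.crt -untrusted secondary.crt \
    -CRLfile all.crl vpn.crt >/dev/null 2>&1
}
openssl req -x509 -config ca.cnf -extensions v3_primary -newkey rsa:2048 -nodes \
  -keyout primary.key -out primary.crt -subj "/CN=Example primary CA" -days 3650 2>/dev/null
issue secondary primary v3_secondary   # the key that would live on the daily card
issue vpn secondary v3_tertiary        # one tertiary CA per service
publish_crls
before=$(vpn_chain_trusted && echo trusted || echo rejected)
revoke_secondary                       # card lost: the primary revokes the secondary
after=$(vpn_chain_trusted && echo trusted || echo rejected)
echo "VPN CA before revocation: $before, after: $after"
```

Revoking the secondary invalidates every tertiary CA beneath it for any verifier that checks CRLs, so the tertiary certificates have to be reissued under the replacement secondary. A backup card carrying the same secondary key avoids that only when the card is damaged rather than lost or stolen.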