Proposal for multiple keys on an OpenPGP smart card
jose.castillo at gmail.com
Wed Apr 8 18:22:26 CEST 2015
> On Apr 4, 2015, at 6:50 AM, Achim Pietig <achim at pietig.com> wrote:
> Multiple users also require multiple password
> sets - this will extend the handling of the card
> a lot. Because actual smart cards always belong
> to a single identity, this topic will get no
> high priority.
Interesting. I had assumed that the same PW1 and PW3 could be used for all the key sets on the card, since a card generally does belong to one person. Even if they have two identities on a card (e.g. work and home, or current and expired), they’re the same person accessing those keys. I can see where multiple PINs could lead to more complexity — and more utility for some.
> An important goal of the actual card is a
> good price for small volumes! The actual chip
> has about 20K for program and data and I think
> it will be used completely for the new functions.
> Adding multiple keys will lead into a bigger chip
> with higher costs
Very understandable, although it’s worth noting that since it’s an open spec, others can implement the application and add functionality as long as it’s in line with the spec. While one card might have limited space, a token like Gnuk or Yubikey could implement this functionality on a roomier chip, provided it’s in the spec and supported by the terminal application.