Storing key on multiple smartcards

Peter Lebbing peter at digitalbrains.com
Wed Apr 10 11:55:50 CEST 2019


(This went wrong! For some reason, gnupg-devel had dropped from the
recipients while I was writing the message. I must have accidentally
pressed some key or mouse button. I noticed this and added
gnupg-users to the recipients instead of the intended gnupg-devel. Here
is the message again on the right list)

I agree that GnuPG would benefit from preferring keys that are
available, both in the sense of different subkeys and different
smartcards with copies of the same subkey, in the sense you describe.
But let me pick out one detail you mentioned that is a different issue.

On 10/04/2019 09:38, Frederick Zhang via Gnupg-devel wrote:
> Currently "keytocard" replaces the keygrip with a shadow key (which I
> don't think works pretty intuitively in case of multiple smart cards,
> as it requires users to manually back up the subkey beforehand to
> transfer the same key to multiple cards)

It's less difficult than that. After a "keytocard", simply exit the
--edit-key interaction without saving, and the key will still be
on disk as well. So use "quit" or Ctrl-D rather than "save", and
confirm that you wish to exit without saving changes.

Not really intuitive, but less bothersome than backups and restores. I
think maybe "keytocard" should have an option to just leave it on disk
as well. And then you can just insert all your smartcards you want the
key on and "keytocard" them one after the other without exiting the
--edit-key menu.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
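
An added example, not part of the original message: one way to check, between "keytocard" runs, whether a secret subkey is still on disk or has become a card stub, by reading field 15 of the sec/ssb records printed by `gpg --list-secret-keys --with-colons`. The function names and the sample listing (key IDs, card serial number) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-secret-keys --with-colons` output on stdin.
# In sec/ssb records, field 15 is "+" when the secret key is on disk, "#" for
# a stub without secret material, or the serial number of the card holding it.

# Print: record type, key ID, capabilities, location (one line per secret key).
key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            caps = ($12 == "") ? "-" : $12
            if ($15 == "+")      where = "disk"
            else if ($15 == "#") where = "missing"
            else if ($15 != "")  where = "card:" $15
            else                 where = "unknown"
            print $1, $5, caps, where
        }'
}

# Succeed only if the key ID given as $1 is listed and still on disk.
still_on_disk() {
    key_locations | awk -v id="$1" '
        $2 == id { found = 1; ok = ($4 == "disk") }
        END      { exit !(found && ok) }'
}

# Constructed sample listing (made-up key IDs and card serial number).
sample_listing() {
    cat <<'EOF'
sec:u:255:22:1111111111111111:1554883200:::u:::scSC:::+:
ssb:u:255:18:2222222222222222:1554883200::::::e:::+:
ssb:u:2048:1:3333333333333333:1554883200::::::s:::D2760001240102010006000000010000:
ssb:u:2048:1:4444444444444444:1554883200::::::a:::#:
EOF
}

sample_listing | key_locations
# Against a real keyring: gpg --list-secret-keys --with-colons | key_locations
```

Running `still_on_disk KEYID` on the real listing before inserting the next card confirms that the copy on disk is still there to be written to that card.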
