Storing key on multiple smartcards

Peter Lebbing peter at
Wed Apr 10 16:42:39 CEST 2019

On 10/04/2019 16:22, Frederick Zhang wrote:
> So I strongly agree keytocard should, even by default, leave the
> originals untouched, and perhaps instruct users to move the keygrip to a
> safe place afterwards.

People move their keys to a card because they do not want the key to be
on disk for whatever reason. Leaving them on the disk by default might
be surprising to them and potentially harmful.

I'd rather propose that the default is that "keytocard" shows a warning

| Warning: moving the key to card will remove it from disk. It is not
| possible to get the private key out of the card again. If this is not
| what is intended, supply the '--keep' option to 'keytocard' to keep the
| key stored on disk as well. Continue? (y/N)

And obviously that option needs to be implemented as well. This is just
a first setup for the precise message to convey my intention.

Everybody should have a backup of their encryption key, but still,
throwing it away when the user might not expect it on 'keytocard' might
be a bad idea (this is what we do now!). Primary keys are not quite as
bad as that, but still.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list