Smartcard Support, open system security, law,( certificate sig removed)
Sun Aug 24 18:47:02 2003
Content-Description: signed data
On Sunday 24 Aug 2003 4:01 pm, Erwan David wrote:
> Le Sun 24/08/2003, Werner Koch disait
> > On Fri, 22 Aug 2003 10:07:02 +0200 (MET DST), Johan Wevers said:
> > >> revevealed to anyone; your own smartcard contains your own key - why
> > >> would you want to crack the card then?
> > >
> > > Not you, but an attacker who finds or steals the card would.
> > Thats for what revocations are used for.
> If your private key is on the card and you loose the card, then you
> cannot issue a revocation, since you need the private key.
You should have a revocation certificate safely stored away BEFORE you put =
private key on any 'removable' medium. The certificate is then imported int=
the PUBLIC key and sent to keyservers. Job Done. That's why the revocation=
certificate needs to be protected as well / better than your private key.
" anybody can publish the revocation certificate and render the correspondi=
public key useless."
You need the private key to generate the revocation certificate, but not to=
use it. So generate first.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----