Smartcard Support, open system security, law (certificate sig removed)

Neil Williams
Sun Aug 24 18:47:02 2003

On Sunday 24 Aug 2003 4:01 pm, Erwan David wrote:
> On Sun 24/08/2003, Werner Koch said:
> > On Fri, 22 Aug 2003 10:07:02 +0200 (MET DST), Johan Wevers said:
> > >> revealed to anyone; your own smartcard contains your own key - why
> > >> would you want to crack the card then?
> > >
> > > Not you, but an attacker who finds or steals the card would.
> >
> > That's what revocations are used for.
> If your private key is on the card and you lose the card, then you
> cannot issue a revocation, since you need the private key.

You should have a revocation certificate safely stored away BEFORE you put a
private key on any 'removable' medium. The certificate is then imported into
the PUBLIC key and sent to keyservers. Job Done. That's why the revocation
certificate needs to be protected as well / better than your private key.

"anybody can publish the revocation certificate and render the corresponding
public key useless."

You need the private key to generate the revocation certificate, but not to
use it. So generate first.


Neil Williams
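
The ordering described in this reply (generate the revocation certificate while the private key is available, apply it later without the key), as an added shell example that is not part of the original message. It assumes GnuPG 2.1 or later installed as `gpg`; the keyrings, the test identity and the function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. Everything here is constructed: throwaway keyrings in a temp
# directory, a test identity, and an unprotected key so no passphrase prompt.
# Assumes GnuPG 2.1 or later is installed as "gpg".
set -eu

# Print field 2 (validity) of the "pub" record; "r" means revoked.
validity() {
    gpg --homedir "$1" --batch --no-tty --with-colons --list-keys "$2" 2>/dev/null |
        awk -F: '/^pub:/ {print $2; exit}'
}

revocation_demo() {
    local work owner other fpr before after
    work=$(mktemp -d)
    owner="$work/owner"    # keyring that holds the private key
    other="$work/other"    # keyring that only ever sees public material
    mkdir -m 700 "$owner" "$other"

    # 1. Key owner: create the key, then generate the revocation certificate
    #    while the private key is still available.
    gpg --homedir "$owner" --batch --no-tty --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Demo <demo@example.invalid>' \
        default default never
    fpr=$(gpg --homedir "$owner" --batch --no-tty --with-colons --list-keys |
        awk -F: '/^fpr:/ {print $10; exit}')
    # Scripted answers: confirm, reason 0 (none given), empty comment, confirm.
    printf 'y\n0\n\ny\n' | gpg --homedir "$owner" --no-tty --command-fd 0 \
        --output "$work/revoke.asc" --gen-revoke "$fpr" >/dev/null 2>&1
    gpg --homedir "$owner" --batch --no-tty --armor --export "$fpr" >"$work/pub.asc"

    # 2. Anyone holding only the public key and the certificate can apply it.
    gpg --homedir "$other" --batch --no-tty --quiet --import "$work/pub.asc"
    before=$(validity "$other" "$fpr")
    gpg --homedir "$other" --batch --no-tty --quiet --import "$work/revoke.asc"
    after=$(validity "$other" "$fpr")
    # On a real key the next step would be: gpg --send-keys <key id>

    gpgconf --homedir "$owner" --kill all 2>/dev/null || true
    gpgconf --homedir "$other" --kill all 2>/dev/null || true
    rm -rf "$work"
    echo "before=$before after=$after"
}

# Run the demo when invoked as: ./revocation-demo.sh run
[ "${1:-}" != run ] || revocation_demo
```

The second keyring never contains a secret key, yet the import flips the key's validity to `r`, which is why the stored certificate needs the same care as the private key.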
