Best practice for periodic key change?

Daniel Kahn Gillmor dkg at
Tue May 10 06:41:09 CEST 2011

On 05/10/2011 12:32 AM, Jerome Baum wrote:
> Is that an implementation problem? i.e. is it possible to write an
> implementation that does distinguish, or is it technically impossible w/out
> processing the entire data on-card?

As i understand the process, i think it would be necessary to pass all
the data through the card in order to for the card to know which type of
signature it was making.

I know nothing of the details of how these cards are implemented,
though.  Maybe they do this already?  it seems like performance would be
problematic if you were signing something like a multi-MiB document,
given the speed of most smartcards.

Maybe one of the folks with experience implementing these devices can
give more concrete details?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110510/0731b3a8/attachment.pgp>

More information about the Gnupg-users mailing list