Best practice for periodic key change?

Jerome Baum jerome at
Tue May 10 07:35:37 CEST 2011

On Tue, May 10, 2011 at 07:30, Grant Olson <kgo at> wrote:

> But there's no way to prove that the keys were originally generated
> on-card, and weren't imported from a software private key where there
> was never a separate master certification key.

AFAIK, the CAs over here will just supply a card. There is no question of
whether the key is generated on-card or not -- the CA confirms this
implicitly with their certification of "this is a valid signing key per
applicable signature laws".

Jerome Baum

tel +49-1578-8434336
email jerome at
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110510/aebba3fb/attachment-0001.htm>

More information about the Gnupg-users mailing list