restoring SmartCard key with off-card copy
Laurent Jumet
laurent.jumet at skynet.be
Wed Oct 5 11:31:37 CEST 2011
Hello Peter!
Peter Lebbing <peter at digitalbrains.com> wrote:
> AFAIK, if you create a smartcard key with backup file, this is pretty much
> equivalent: the key is created off-card by GnuPG, and uploaded to the card.
> Only when you choose the option to create a smartcard key without backup
> file will it get generated on card. I concluded this from reading the
> OpenPGP Card spec: I don't see a possibility to generate an on-card key and
> have the secret key material for the backup file, so the only possibility I
> see is that the key is generated by GnuPG and then uploaded to the card.
In my opinion, a key-to-card key should *never* have an existing backup.
The purpose of cards is "one man"/"one card", as the card is supposed to identify the man for all purposes. If a backup exists somewhere, that means that *another card* could be emitted, and *another man* than you is walking somewhere and acting exactly as if he were you...
This is a very high risk.
--
Laurent Jumet
KeyID: 0xCFAF704C
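The thread turns on whether secret key material exists anywhere besides the card. One way to audit that on your own keyring is to read the machine-readable listing from `gpg --list-secret-keys --with-colons`: in each `sec`/`ssb` record, field 15 holds a token serial number when the secret part lives on a card, `+` when GnuPG has the secret key locally, and `#` when only a stub exists and no key material is available. The parser below is an added example, not code from the GnuPG project or from either poster; the listing it reads is constructed for illustration (the key IDs, dates and serial number are placeholders), and in practice you would feed it the real output of that command.

```python
"""Classify secret keys in GnuPG's colon-delimited listing as card-resident,
local (off-card material present), or missing stubs."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Record layout (1-based fields): 1 type, 5 key ID, 12 capabilities,
# 15 token S/N ('+' = secret key held locally, '#' = unavailable stub,
# otherwise the serial number of the card holding the key).
SAMPLE_LISTING = """\
sec:u:2048:1:0123456789ABCDEF:1317807097:::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1317807097::0000000000000000000000000000000000000000::Example User <user at example.invalid>::::::::::0:
ssb:u:2048:1:FEDCBA9876543210:1317807097::::::e:::D2760001240102000005000000010000:::23::0:
ssb:u:2048:1:1111222233334444:1317807097::::::a:::#:::23::0:
"""


@dataclass
class SecretKeyRecord:
    kind: str                 # "sec" (primary key) or "ssb" (subkey)
    keyid: str
    capabilities: str         # e.g. "scESC", "e", "a"
    location: str             # "card", "local", "missing" or "unknown"
    serial: Optional[str]     # card serial number when location == "card"


def classify_token_field(field: str):
    """Map field 15 of a sec/ssb record to a location label and serial."""
    if field == "+":
        return "local", None
    if field == "#":
        return "missing", None
    if field:
        return "card", field
    return "unknown", None


def parse_secret_key_listing(listing: str) -> List[SecretKeyRecord]:
    """Return one record per sec/ssb line; other record types are skipped."""
    records = []
    for line in listing.splitlines():
        if not (line.startswith("sec:") or line.startswith("ssb:")):
            continue
        fields = line.split(":")
        if len(fields) < 15:
            # Too short to carry the token field; treat as unknown.
            fields += [""] * (15 - len(fields))
        location, serial = classify_token_field(fields[14])
        records.append(SecretKeyRecord(
            kind=fields[0],
            keyid=fields[4],
            capabilities=fields[11],
            location=location,
            serial=serial,
        ))
    return records


def off_card_keyids(listing: str) -> List[str]:
    """Key IDs whose secret material GnuPG holds outside any card.

    For a keyring that is meant to be card-only, this list should be empty.
    """
    return [r.keyid for r in parse_secret_key_listing(listing)
            if r.location == "local"]


if __name__ == "__main__":
    for rec in parse_secret_key_listing(SAMPLE_LISTING):
        where = rec.serial if rec.serial else rec.location
        print(f"{rec.kind} {rec.keyid} [{rec.capabilities}] -> {where}")
    print("off-card copies:", off_card_keyids(SAMPLE_LISTING))
```

In the constructed sample the primary key is reported as `local`, the encryption subkey as resident on a card, and the authentication subkey as a stub with no material anywhere; a keyring that follows the "one man, one card" rule above would show a serial number for every `sec`/`ssb` line and no `+` entries.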