restoring SmartCard key with off-card copy
peter at digitalbrains.com
Wed Oct 5 13:35:40 CEST 2011
On 05/10/11 13:17, Robert J. Hansen wrote:
> On 10/5/2011 5:31 AM, Laurent Jumet wrote:
>> In my opinion, a key-to-card key should *never* have an existent
> There are many other use cases similar to this in which it makes good
> sense to have certificates on hard drives as well as certificates on
> cards. I'm sure that if you think about it for a while you'll come up
> with several other reasonable scenarios.
Apart from hard drives there's the backup in a safe.
And what about encrypted data? If your card fails, you have then simply lost all
data. The only options are backups, a second card, or multiple recipients of the
encrypted data. All are variations of a theme (multiple somethings) that do not
satisfy Laurent's "one man"/"one card".
So if the loss of all your encrypted data is an acceptable risk, then you can do
the "one card" thing. Otherwise, you'll have to compromise somewhere else.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
More information about the Gnupg-users