Why trust gpg4win?

Laurent Jumet laurent.jumet at skynet.be
Sun Aug 25 10:49:53 CEST 2013

Hello Pete !

Pete Stephenson <pete at heypete.com> wrote:

> The easiest and least-expensive solution to this situation is using
> smartcards: http://g10code.com/p-card.html -- the private key is kept
> securely on the smartcard. Any private-key operations (i.e. signing or
> decrypting) are handled on-card and the private key is not accessible
> to the computer. You could, of course, generate the key on an offline
> computer and then transfer it to the smartcard and keep an offline
> backup (that's what I do) rather than having the key generated
> entirely on-card with no backup (which is an option).

    This is only relevant (I mean existent backup) for keys that are used as a tool: 
you need a screwdriver for that caregory of screws.
    But if smartcard identifys *you*, backup means that there is a second Pete 
Stephenson on the Earth, that can sign, certify and so on. Forensic issues can be hard
to break...

Laurent Jumet
      KeyID: 0xCFAF704C

More information about the Gnupg-users mailing list