How do I make the private key on a OpenPGP smartcard non exportable ?
ndk.clanbo at gmail.com
Sat Jun 22 15:03:21 CEST 2013
Il 22/06/2013 09:35, Heinz Diehl ha scritto:
> The whole point with a smartcard is that it's a lot easier to memorize
> the PIN than a long and complicated passphrase, and that the private
> key can't be exported. If it can, there's no need for a smartcard.
I quite disagree, here.
A smartcard could be useful anyway, at least as a "portable keyring" (if
it didn't need initialization on every machine...).
And key export could be controlled (like in MyPGPid card): private keys
can only leave the card encrypted under "certified" keys.
BTW, for the really "paranoid", readers with an integrated pinpad are
available: the PC never sees the PIN, so no installed sw can spoof it.
(even if what I'd prefer is a card w/ both a pinpad and a display...).
More information about the Gnupg-users