OpenPGP card feature request: as many encryption-capable keys as technically possible

NdK ndk.clanbo at
Fri Aug 15 09:57:54 CEST 2014

Il 15/08/2014 02:18, Peter Lebbing ha scritto:

> The problem is expiring a encryption-capable subkey on an OpenPGP
> smartcard, replacing it with a new one.
> Currently, the OpenPGP smartcard only allows a single
> en-/decryption-capable key.
That's exactly why I started MyPGPid project. Too bad I've had no time
to develop it further :(
Hope I'll be able to return on it soon... Unless another (paid) project
steps in...

> Suppose after some time I decide an old key has seen it's useful
> lifetime. I'd like to create a new encryption-capable key. However, I
> definitely need to keep the old key, or I won't be able to see anything
> encrypted to me in the past.
Currently you have to generate your encryption key on the PC and copy it
to the card. So you have a copy to reuse.
Or just use multiple cards <BEG>

> The current OpenPGP smart card restricts me to a single key for
> encryption, a single key for signatures, and a single key for
> authentication. If it were possible to tell the card, on uploading the
> key, what that key's usage will be, I would be able to have a separate
> smartcard that decrypted the 3 OpenPGP subkeys I used for encryption
> previously. This instead of being forced to use 3 separate smartcards. I
> get the impression this is a relatively small change to the firmware of
> the smartcard, but a larger change to the software running on the PC.
On a 144K javacard, IIRC, I've been able to store 13 RSA-2048 encryption
keys. Plus master, signature and two auth keys (one reserved for
contactless auth).


More information about the Gnupg-users mailing list