OpenPGP card feature request: as many encryption-capable keys as technically possible

Peter Lebbing peter at
Fri Aug 15 12:31:44 CEST 2014

On 15/08/14 09:57, NdK wrote:
> Currently you have to generate your encryption key on the PC and copy it
> to the card. So you have a copy to reuse.

I don't think you *have* to, but it is certainly something I'd
recommend. If the only existing copy is on one smartcard[1], and that
smartcard breaks... for signature keys, not a problem at all. For
primary keys pretty inconvenient. For encryption keys... data loss of
all your encrypted data: huge.

But you choose a smartcard for the properties that make it different
than an on-disk key. If you then start keeping all your previous,
expired encryption subkeys as on-disk keys, you defeat the purpose to a
large extent.

So if you had a smartcard with a lot of storage, you could copy the key
material of your old keys, taken from your secure backup, to the card
and keep on using a card to work with the keys.

Hope that clarifies it,


[1] Additionally, for on-card generated keys, the built-in hardware
random number generator is used as the only source of randomness. I've
understood that the quality of that RNG isn't up to par with GnuPG on a PC.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list