OpenPGP card feature request: as many encryption-capable keys as technically possible

Andreas Schwier at
Fri Aug 15 13:10:14 CEST 2014

On 08/15/2014 12:31 PM, Peter Lebbing wrote:
> On 15/08/14 09:57, NdK wrote:
>> Currently you have to generate your encryption key on the PC and copy it
>> to the card. So you have a copy to reuse.
> I don't think you *have* to, but it is certainly something I'd
> recommend. If the only existing copy is on one smartcard[1], and that
> smartcard breaks... for signature keys, not a problem at all. For
> primary keys pretty inconvenient. For encryption keys... data loss of
> all your encrypted data: huge.
> But you choose a smartcard for the properties that make it different
> than an on-disk key. If you then start keeping all your previous,
> expired encryption subkeys as on-disk keys, you defeat the purpose to a
> large extent.
> So if you had a smartcard with a lot of storage, you could copy the key
> material of your old keys, taken from your secure backup, to the card
> and keep on using a card to work with the keys.
I'd recommend it the other way around: Generate your keys on a smart
card and have it securely exported into your backup. We do that with the
SmartCard-HSM using the Device Key Encryption Key (DKEK) for export and
import of sensitive material. Because there is a key management
procedure around the DKEK (key shares, n-of-m threshold scheme) you can
backup the encrypted keys wherever you find convenient.

Restoring your keys starts with establishing a new smart card with the
same DKEK and then import required key material into it.
> Hope that clarifies it,
> Peter.
> [1] Additionally, for on-card generated keys, the built-in hardware
> random number generator is used as the only source of randomness. I've
> understood that the quality of that RNG isn't up to par with GnuPG on a PC.
So what is that assumption based on ? If you are using a hardware device
that is certified as Secure Signature Creation Device under the Common
Criteria scheme, then the quality of the random number generation is an
important criteria in the evaluation (see for example AIS31 under the
German CC scheme on the BSI website).


More information about the Gnupg-users mailing list