OpenPGP card feature request: as many encryption-capable keys as technically possible
Peter Lebbing
peter at digitalbrains.com
Fri Aug 15 13:48:09 CEST 2014
On 15/08/14 13:10, Andreas Schwier wrote:
> I'd recommend it the other way around: Generate your keys on a smart
> card and have it securely exported into your backup.
> [...]
> So what is that assumption based on ? If you are using a hardware device
> that is certified as Secure Signature Creation Device under the Common
> Criteria scheme, then the quality of the random number generation is an
> important criteria in the evaluation (see for example AIS31 under the
> German CC scheme on the BSI website).
Please note I was specifically talking about the OpenPGP card as it is
now, not about smartcards or HSMs in general.
Obviously an HSM *can* have a really great hardware RNG. But they are
complex devices.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list