OpenPGP card feature request: as many encryption-capable keys as technically possible

Peter Lebbing peter at
Fri Aug 15 13:48:09 CEST 2014

On 15/08/14 13:10, Andreas Schwier wrote:
> I'd recommend it the other way around: Generate your keys on a smart
> card and have it securely exported into your backup.

> [...]

> So what is that assumption based on ? If you are using a hardware device
> that is certified as Secure Signature Creation Device under the Common
> Criteria scheme, then the quality of the random number generation is an
> important criteria in the evaluation (see for example AIS31 under the
> German CC scheme on the BSI website).

Please note I was specifically talking about the OpenPGP card as it is
now, not about smartcards or HSMs in general.

Obviously an HSM *can* have a really great hardware RNG. But they are
complex devices.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list