Whishlist for next-gen card
NdK
ndk.clanbo at gmail.com
Fri Feb 20 17:21:57 CET 2015
Il 20/02/2015 16:07, Ville Määttä ha scritto:
>>>> 5 - possibility to export private keys to user-certified devices
>>>> That pretty much defeats the point of using a smart card in the first place.
>> That's not "uncontrolled export", and in fact…
>> …(snip)…
>> while importing a key (so that you "can't" alter -actually
>> it's just "really hard", but doing that should invalidate signatures on
>> your master key!- the policy by exporting from a device and importing on
>> another).
> There in lies the problem. It's really hard -> it's doable.
Yes, by someone who controls the trusted export key. On the other hand,
current method to generate on a "secure" system and move to card makes
it easy to lose control of the key.
> What is the use case that absolutely needs exportable master keys?
Safe key recovery in case sc gets damaged. With the current system you
have to always generate new keys on the "secure system" and store the
backup in a safe place that is *not* a smartcard.
BYtE,
Diego.
More information about the Gnupg-users
mailing list