Whishlist for next-gen card

Joey Castillo jose.castillo at gmail.com
Thu Mar 12 19:36:53 CET 2015

> On 20/02/15 09:32, NdK wrote:
> > 1 - support for more keys (expired ENC keys, multiple signature keys)

At the very least, adding expired ENC keys to the card spec is a really
great suggestion. I'm trying to pitch people on using smart cards to secure
their email, and one common question I get is "What happens if I lose my
card?" Telling them they have to generate a new key is a bitter pill if it
means they can't decrypt their old emails.

This feature is not without precedent; the NIST standard for CAC/PIV cards
includes fields for 20 retired "key management" keys, which are used to
decrypt old messages. [1] I think this one feature would go a long way to
making smart cards a more accessible solution for everyday use.

in item 2.4.7, "Key History Object".


Joey Castillo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150312/118e9b33/attachment.html>

More information about the Gnupg-users mailing list