Enigmail speed geeking

Peter Lebbing peter at digitalbrains.com
Fri Mar 13 15:40:17 CET 2015

On 2015-03-13 15:31, Brian Minton wrote:
> If a key is generated externally, a backup can be taken before the 
> key
> is moved to the card.  For a key generated on the card, there is (by
> design), no way to extract the secret key, including for the purpose 
> of
> backing it up

When you ask GnuPG to create an on-card key, it will ask you whether 
you want to keep a backup of the key or not.

If you choose to proceed without a backup, the key is generated 
on-card. I consider this the inferior of the two methods because I trust 
the RNG of Linux much more than I trust the RNG of a smartcard that 
costs a few euros to produce.

If you choose to have a backup, GnuPG will create the key just as it 
would for a normal on-disk key, and then upload that key to the 
smartcard and keep a backup file. This thus uses the RNG of your PC; on 
which I would be running Linux.

You could then discard the backup if you want to have the quality of 
the RNG of the PC but don't want the backup.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

More information about the Gnupg-users mailing list