Multiple Smartcards - Signing

Werner Koch wk at gnupg.org
Mon May 4 11:28:03 CEST 2015


On Sun,  3 May 2015 21:21, matt at monaco.cx said:

> I agree with a debug message. But in general I don't think a notification is so
> important because the selection algorithm is arbitrary anyway. E.g., why not
> strongest rather than newest?

What does "stronger" mean: 2k RSA on-card stronger than 4k on-disk.  2
year old 2k stronger than 5 year old 4k?

Using the newest key by default is the only non-surprising option.  It
is actually required to implement a key-rollover and was done for
encryption subkeys in preparation for a forward secrecy feature as
proposed by Ben Laurie and others in ~1999.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



