Multiple Smartcards - Signing

Werner Koch wk at
Mon May 4 11:28:03 CEST 2015

On Sun,  3 May 2015 21:21, matt at said:

> I agree with a debug message. But in general I don't think a notification is so
> important because the selection algorithm is arbitrary anyway. E.g., why not
> strongest rather than newest?

What does "stronger" mean: 2k RSA on-card stronger than 4k on-disk?  2
year old 2k stronger than 5 year old 4k?

Using the newest key by default is the only non-surprising option.  It
is actually required to implement a key-rollover and was done for
encryption subkeys in preparation for a forward secrecy feature as
proposed by Ben Laurie and others in ~1999.



Thoughts are free.  Exceptions are regulated by a federal law.
