OpenPGP cards and on-device subkeys

Sam Pablo Kuper sampablokuper at riseup.net
Sat Feb 6 19:40:55 CET 2016


On 06/02/16 11:43, Eugene Stanley wrote:
> I would like to know if it's possible to obtain a setup like the following:
> 
> * master key on an OpenPGP smartcard

Yes. It would go in the signing key slot.

> * an encryption subkey both on smartcard and on disk (laptop, phone etc)

Yes.

> * a signing subkey both on smartcard and on disk (laptop, phone etc)

Yes, but not on the same OpenPGP smart card as the master key, as
OpenPGP smart cards only have space for one signing key.

> In [this] scenario one would be able to revoke the subkeys and
> generate new, without using an off-card copy of the master key

I believe that is correct. Someone with more experience may want to
verify this.

- spk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160206/154d4992/attachment.sig>


More information about the Gnupg-users mailing list