gnupg-pkcs11 status & future

Werner Koch wk at gnupg.org
Fri Feb 26 15:18:55 CET 2016


On Fri, 26 Feb 2016 14:31, ndk.clanbo at gmail.com said:

> same) "problem" with having only 3 keypairs (for example I can't rotate
> encryption key every year unless I'm prepared to have a different card
> per year).

Why do you want to rotate keys and still keep all the old keys on your
smartcard?  Rotating only makes sense if you take the old key
offline soon.  I can thus see the reason for one additional key on the
card so that it is possible to decrypt with the old or the new key for
some time.  Then delete the old key from the card.

In any case you need to load the keys onto the card and don't have the
card create the key.  Smartcards may break and then you would not be
able to decrypt anything if you don't have an offline backup of the key.


-- 
Thoughts are free.  Exceptions are regulated by a federal law.



