Primary and Signing Key on Different Smart Cards

Peter Lebbing peter at
Mon Nov 21 12:08:29 CET 2016

On 20/11/16 22:50, Anton Marchukov wrote:
> I think you will have to keep it as backup too in case you will want
> to add another smartcard with a new subkey to an existing key or not?

Oh, good point! Maybe it's possible without on-disk keys, I'll try it
out later. Otherwise: yes, it would be impossible to add new subkeys.

> Although if air gaped machine is secure then encrypting backup using
> the smartcard itself and removing the unencrypted copy will do the
> trick as well.

I'm not too sure about "removing the unencrypted copy", though. I'd much
rather not have the key hit the disk anyway. By using a Linux Live CD
and physically removing the cable from the hard disk.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list