recommended way to use several smartcards with the same private key

Ingo Klöcker kloecker at kde.org
Mon Mar 29 22:52:53 CEST 2021


On Montag, 29. März 2021 15:09:02 CEST J Rt via Gnupg-users wrote:
> Hi all,
> 
> I am using several smartcards with the same private key for redundancy in
> case I lose one of them. I have been doing so for several years, and
> occasionally changing which card I use has always been a bit of a hazzle
> (in the lines of for example the discussion here:
> https://sven-seeberg.de/wp/?p=967 ).
> 
> This is not a super big deal, I can fix this easily with a method similar
> to what is explained on the blog, but still, it is a bit annoying to need
> to fix things by hand.
> 
> My questions are:
> 
> - is there a better / simpler way to register several cards that are
> interchangeable?
> - if not, any hope this may be added some day / where could I ask for such
> a feature / is there some WIP already working on this?

The upcoming GnuPG 2.3 (which is currently in beta testing) supports using 
several smartcards with the same private key. gpg simply checks if any of the 
inserted smartcards provide the secret key and then uses this smartcard. If no 
inserted smartcard provides the secret key, then gpg will ask for the 
smartcard registered in the stub file. But you can insert any card providing 
the key. gpg does not insist on using the smartcard listed in the stub file.

This may or may not work with a recent version of gpg 2.2 already because 
quite a few things were backported to the 2.2 series.

What gpg 2.3 does not do is register multiple smartcards in the stub files 
and, consequently, gpg does not ask for all smartcards that provide the secret 
key. It's up to you to keep track of which of your multiple smartcards provide 
the needed secret key.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210329/f83469ee/attachment.sig>


More information about the Gnupg-users mailing list