recommended way to use several smartcards with the same private key

J Rt jean.rblt at gmail.com
Tue Mar 30 08:56:32 CEST 2021


On Mon, Mar 29, 2021 at 11:08 PM Ingo Klöcker <kloecker at kde.org> wrote:

> On Montag, 29. März 2021 15:09:02 CEST J Rt via Gnupg-users wrote:
> > Hi all,
> >
> > I am using several smartcards with the same private key for redundancy in
> > case I lose one of them. I have been doing so for several years, and
> > occasionally changing which card I use has always been a bit of a hazzle
> > (in the lines of for example the discussion here:
> > https://sven-seeberg.de/wp/?p=967 ).
> >
> > This is not a super big deal, I can fix this easily with a method similar
> > to what is explained on the blog, but still, it is a bit annoying to need
> > to fix things by hand.
> >
> > My questions are:
> >
> > - is there a better / simpler way to register several cards that are
> > interchangeable?
> > - if not, any hope this may be added some day / where could I ask for
> such
> > a feature / is there some WIP already working on this?
>
> The upcoming GnuPG 2.3 (which is currently in beta testing) supports using
> several smartcards with the same private key. gpg simply checks if any of
> the
> inserted smartcards provide the secret key and then uses this smartcard.
> If no
> inserted smartcard provides the secret key, then gpg will ask for the
> smartcard registered in the stub file. But you can insert any card
> providing
> the key. gpg does not insist on using the smartcard listed in the stub
> file.
>
> This may or may not work with a recent version of gpg 2.2 already because
> quite a few things were backported to the 2.2 series.
>
> What gpg 2.3 does not do is register multiple smartcards in the stub files
> and, consequently, gpg does not ask for all smartcards that provide the
> secret
> key. It's up to you to keep track of which of your multiple smartcards
> provide
> the needed secret key.
>
> Regards,
> Ingo
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


Ok, many thanks for the explanation! Then this means that I should "just"
wait for 2.3 :) . Hope this
comes to the next Ubuntu LTS release :) .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210330/4e95a5fb/attachment.html>


More information about the Gnupg-users mailing list