Hello Peter ! Peter Lebbing <pe...@digitalbrains.com> wrote:
> AFAIK, if you create a smartcard key with backup file, this is pretty much > equivalent: the key is created off-card by GnuPG, and uploaded to the card. > Only when you choose the option to create a smartcard key without backup > file will it get generated on card. I concluded this from reading the > OpenPGP Card spec: I don't see a possibility to generate an on-card key and > have the secret key material for the backup file, so the only possibility I > see is that the key is generated by GnuPG and then uploaded to the card. In my opinion, a key-to-card key should *never* have an existent backup. Purpose of cards is "one man"/"one card", as the card is supposed to identify the man for all purposes. If a backup exists somewhere, that means that *another card* could be emitted, and *another man" than you is walking somewhere and acting exactly as he was you... This is a very high risk. -- Laurent Jumet KeyID: 0xCFAF704C _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users