Hello Pete ! Pete Stephenson <p...@heypete.com> wrote:
> The easiest and least-expensive solution to this situation is using > smartcards: http://g10code.com/p-card.html -- the private key is kept > securely on the smartcard. Any private-key operations (i.e. signing or > decrypting) are handled on-card and the private key is not accessible > to the computer. You could, of course, generate the key on an offline > computer and then transfer it to the smartcard and keep an offline > backup (that's what I do) rather than having the key generated > entirely on-card with no backup (which is an option). This is only relevant (I mean existent backup) for keys that are used as a tool: you need a screwdriver for that caregory of screws. But if smartcard identifys *you*, backup means that there is a second Pete Stephenson on the Earth, that can sign, certify and so on. Forensic issues can be hard to break... -- Laurent Jumet KeyID: 0xCFAF704C _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users