On 2015-03-13 15:31, Brian Minton wrote:
> If a key is generated externally, a backup can be taken before the key
> is moved to the card. For a key generated on the card, there is (by
> design) no way to extract the secret key, including for the purpose of
> backing it up.

When you ask GnuPG to create an on-card key, it will ask you whether
you want to keep a backup of the key or not.

If you choose to proceed without a backup, the key is generated
on-card. I consider this the inferior of the two methods because I trust
the RNG of Linux much more than I trust the RNG of a smartcard that
costs a few euros to produce.

If you choose to have a backup, GnuPG will create the key just as it
would for a normal on-disk key, and then upload that key to the
smartcard and keep a backup file. This thus uses the RNG of your PC, on
which I would be running Linux.

You could then discard the backup if you want to have the quality of
the RNG of the PC but don't want the backup.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
<http://digitalbrains.com/2012/openpgp-key-peter>