Hello. I did some research myself and came to conclusion that this is not supported. Was about to submit a feature request, but it is better to ask for help here first.
The use case that I want to implement is the following: 1. I have an OpenPGP v2 smart card (regular plastic card) where I want to store my primary key with keys enabled for certification, encryption, signing and authentication. This is physical smart card that I am going to connect and use only when I certify other keys and if I get encrypted mail. This happens not that often, so it is ok to keep the card disconnected till it is needed. 2. But contrary to most smart card manual recommendations, I do not want any of my secret keys to be ever copied anywhere off the card. This is because this way I can be relatively sure that the only way to use the key is by physical presence of the smartcard. I understand that I will loose my key if I loose smartcard, but since those certification and encryption operations are not that often made I accept this risk as rather low. 3. Now, the most often operation done for me is signing. And for that I want to have a signing only subkey stored on my Yubikey nano - a tiny device that permanently seats in the usb port of my computer and that implements OpenPGP v2 card inside. Since it supports presence check (you need to touch it to confirm cryptographic operation) I find it secure enough to be always connected for signing purposes. This is because if my computer is tampered with I will not be sure about the content of what I sign anyway as it might be forged when I look onto it. So I assume that it is secure and then care only that physical presence is required and that it is not possible to copy the secret key out. The only problem is that it is possible to hijack the PIN first and then the device, but I will revoke this subkey using the primary smartcard if that happens. Good enough for me. Now based on my review I have found the situation in gpg2 to be the following: 1. Using multiple smartcards at the same time is not properly supported. As I have found using homedir hacks you can essentially have two gpg profiles each of them using different cards, but 2. it will not be possible to use keys on two cards together and thus I will not be able to generate subkey for card in [3] using key stored on card in [1] 3. unless I temporarily copy the secret key from [1] to the file at the time of generation, but this will violate requirement [2] and also if I delete secret key copy I will not be able to generate other subkeys for other smartcards in future. Anything that I have missed or thoughts? Does this request make sense? Also as I see that with currently supported features, the best way to proceed is to give up using a smartcard for the primary key [1] and use airgapped machine with file based key instead. This is basically what I have now. Anton. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
