Hi Marc,

On Thursday, 27 March 2008 14:50:33, Marc W. Abel wrote:
> Is this to say the card cannot accept any externally generated private
> keys?

no. there is no tool to convert RSA keys in openssh format to RSA keys in pem 
format. that shouldn't be difficult to implement, but so far no one needed it 
and no one implemented it.

[generating keys on card]
there are different opinions on it, sure it is not a 0/1 decision, but a 
matter of trusting the card or the host software and other things.
so people are free to implement the option they prefer.

> Another excellent reason for not generating a key on a card is that I
> cannot have a backup. 

well, with openssh and friends you can quite easily: put several keys into
the .ssh/authorized_keys file. sure, that means an extra token / smart card
plus pin in the safe, so in case your normal one breaks you have a backup,
thus costly, but such an approach has benefits as well.

software keygen (e.g. openssl tools) and then storing the rsa key on one
or several cards (and if you want a copy stored on a cd/whatever in the safe),
is also fine. different people have different preferences, no big deal.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
