Using smart card to access encrypted secret keyring
mikeb at mikebanahan.com
mikeb at mikebanahan.com
Thu Dec 4 20:32:36 CET 2008
I apologise if this subject has been discussed before but I'm new to the list.
Having recently figured out what the objective of the Gnu smartcard is (and been pleased
by how easy it is to use) I note one or two deficiencies in it from my persepctive.
The most obvious is that I have already got significant investment in my primary key
which is DSA not RSA and therefore can never be moved to the card. It also has a number of
subkeys which remain in use and they are not suitable for the card either.
Also I have several other secret keys used for varying roles - personal, business, hobby and so on.
The card does not assist with these.
However, if I could encrypt my secret keyring using the card key and then use those keys
simply by inserting the card and entering its pin (i.e. the encrypted secret keyring is
decrypted by gnupg for me) that would greatly assist. That would reduce the risks in having
those keys on a less secure computer since they would be doubly protected; once by encryption
and again by their passphrases.
I'm tempted to implement this to see how hard it would be to do - probably as read-only to begin
with, on the grounds that if I want to edit the secret keyring it should be done elsewhere, treating
the encrypted version as a read-only version.
However I suspect that there are people using this list who are considerably smarter than I am
so I would welcome comments on the value of my idea before I get over-excited about it.
Best wishes,
Mike Banahan
More information about the Gnupg-devel
mailing list