restoring SmartCard key with off-card copy

Peter Lebbing peter at digitalbrains.com
Wed Oct 5 13:35:40 CEST 2011


On 05/10/11 13:17, Robert J. Hansen wrote:
> On 10/5/2011 5:31 AM, Laurent Jumet wrote:
>> In my opinion, a key-to-card key should *never* have an existent
>> backup.
>
> There are many other use cases similar to this in which it makes good
> sense to have certificates on hard drives as well as certificates on
> cards.  I'm sure that if you think about it for a while you'll come up
> with several other reasonable scenarios.

Apart from hard drives there's the backup in a safe.

And what about encrypted data? If your card fails, you have then simply lost all
data. The only options are backups, a second card, or multiple recipients of the
encrypted data. All are variations of a theme (multiple somethings) that do not
satisfy Laurent's "one man"/"one card".

So if the loss of all your encrypted data is an acceptable risk, then you can do
the "one card" thing. Otherwise, you'll have to compromise somewhere else.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt


