Enigmail speed geeking
Peter Lebbing
peter at digitalbrains.com
Fri Mar 13 15:40:17 CET 2015
On 2015-03-13 15:31, Brian Minton wrote:
> If a key is generated externally, a backup can be taken before the
> key
> is moved to the card. For a key generated on the card, there is (by
> design), no way to extract the secret key, including for the purpose
> of
> backing it up
When you ask GnuPG to create an on-card key, it will ask you whether
you want to keep a backup of the key or not.
If you choose to proceed without a backup, the key is generated
on-card. I consider this the inferior of the two methods because I trust
the RNG of Linux much more than I trust the RNG of a smartcard that
costs a few euros to produce.
If you choose to have a backup, GnuPG will create the key just as it
would for a normal on-disk key, and then upload that key to the
smartcard and keep a backup file. This thus uses the RNG of your PC; on
which I would be running Linux.
You could then discard the backup if you want to have the quality of
the RNG of the PC but don't want the backup.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
<http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list