Keyring management with multiple smart cards

Louis Opter louis at opter.org
Mon Dec 17 03:28:19 CET 2018


On Sat, Dec 15, 2018, at 12:53 AM, Wiktor Kwapisiewicz wrote:
> 1. I use one smartcard as a primary device so T2291 isn't that critical, if that
> one fails I can just remove shadow files and --card-status a new card, it will
> work. That doesn't happen frequently so manual removal of shadow file is not a
> big problem (but it would be nice if the shadow files supported multiple card
> serial numbers!).

Where is the procedure to remove shadow files documented? I found this to be
confusing to do, hence why I favored different subkeys for different smartcards.

> One signing subkey per smartcard is fine as they're bound to the same primary
> key (but if you're not using expiration users can get some interesting behavior
> like [1]).
>
> [1]: https://www.reddit.com/r/tails/comments/9rchgi/

Thanks for the tip! I have an expiration date set on all my keys.

Thank you very much for your feedback Wiktor!

-- 
Louis Opter



More information about the Gnupg-users mailing list