Storing key on multiple smartcards

Peter Lebbing peter at digitalbrains.com
Wed Apr 10 11:45:08 CEST 2019


I agree that GnuPG would benefit from preferring keys that are
available, both in the sense of different subkeys and different
smartcards with copies of the same subkey, in the sense you describe.
But let me pick out one detail you mentioned that is a different issue.

On 10/04/2019 09:38, Frederick Zhang via Gnupg-devel wrote:
> Currently "keytocard" replaces the keygrip with a shadow key (which I
> don't think works pretty intuitively in case of multiple smart cards,
> as it requires users to manually back up the subkey beforehand to
> transfer the same key to multiple cards)

It's less difficult than that. After a "keytocard", simply exit the
--edit-key interaction without saving, and the key will still be
on disk as well. So use "quit" or Ctrl-D rather than "save", and
confirm that you wish to exit without saving changes.

Not really intuitive, but less bothersome than backups and restores. I
think maybe "keytocard" should have an option to just leave it on disk
as well. And then you can just insert all your smartcards you want the
key on and "keytocard" them one after the other without exiting the
--edit-key menu.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190410/73a0200b/attachment-0001.sig>


More information about the Gnupg-users mailing list