recommended way to use several smartcards with the same private key
Ingo Klöcker
kloecker at kde.org
Mon Mar 29 22:52:53 CEST 2021
On Montag, 29. März 2021 15:09:02 CEST J Rt via Gnupg-users wrote:
> Hi all,
>
> I am using several smartcards with the same private key for redundancy in
> case I lose one of them. I have been doing so for several years, and
> occasionally changing which card I use has always been a bit of a hazzle
> (in the lines of for example the discussion here:
> https://sven-seeberg.de/wp/?p=967 ).
>
> This is not a super big deal, I can fix this easily with a method similar
> to what is explained on the blog, but still, it is a bit annoying to need
> to fix things by hand.
>
> My questions are:
>
> - is there a better / simpler way to register several cards that are
> interchangeable?
> - if not, any hope this may be added some day / where could I ask for such
> a feature / is there some WIP already working on this?
The upcoming GnuPG 2.3 (which is currently in beta testing) supports using
several smartcards with the same private key. gpg simply checks if any of the
inserted smartcards provide the secret key and then uses this smartcard. If no
inserted smartcard provides the secret key, then gpg will ask for the
smartcard registered in the stub file. But you can insert any card providing
the key. gpg does not insist on using the smartcard listed in the stub file.
This may or may not work with a recent version of gpg 2.2 already because
quite a few things were backported to the 2.2 series.
What gpg 2.3 does not do is register multiple smartcards in the stub files
and, consequently, gpg does not ask for all smartcards that provide the secret
key. It's up to you to keep track of which of your multiple smartcards provide
the needed secret key.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210329/f83469ee/attachment.sig>
More information about the Gnupg-users
mailing list