Key Generation on Device¶

Pros¶

key never leaves the device
very easy setup, e.g. integrated in Enigmail

Cons¶

backup possible on generation if at all?
entropy and RNG on device need to be trustworthy (often issues)
recent Infineon RSA key issues can also weaken such generated keys [1], [2]

How¶

# start the edit of the smartcard
gpg2 --card-edit

generate

Notes¶

The GPG manual on --card-edit lists the possibility to store a off-device backup on generate. Unclear: Is this possible with all devices?

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.