| 1 |
On 2019-04-24 13:41, Rich Freeman wrote: |
| 2 |
|
| 3 |
> What is the recommended way to create an on-card key? |
| 4 |
|
| 5 |
I haven't got my NitroKey yet but between the specifications (which say |
| 6 |
NK2 can hold up to 3 private RSA keys) and my prior experience with |
| 7 |
OpenPGP smartcards (which have always had at most one slot each assigned |
| 8 |
to authentication, encryption and signing), chances are pretty high you |
| 9 |
cannot have two separate signing keys in hardware. If so, your best bet |
| 10 |
is probably to generate the primary key in software (preferably with |
| 11 |
usage bits stripped down so that it can ONLY be used for signing keys), |
| 12 |
generate hardware subkeys associated with it, then stash the private |
| 13 |
primary key away somewhere. |
| 14 |
|
| 15 |
-- |
| 16 |
MS |
Archives