On 2019-04-24 13:41, Rich Freeman wrote:

> What is the recommended way to create an on-card key?

I haven't got my NitroKey yet but between the specifications (which say
NK2 can hold up to 3 private RSA keys) and my prior experience with
OpenPGP smartcards (which have always had at most one slot each assigned
to authentication, encryption and signing), chances are pretty high you
cannot have two separate signing keys in hardware. If so, your best bet
is probably to generate the primary key in software (preferably with
usage bits stripped down so that it can ONLY be used for signing keys),
generate hardware subkeys associated with it, then stash the private
primary key away somewhere.

--
MS