Steps to reproduce
Open key management -> File -> Manage Smartcard -> SmartCard -> Generate Key
Have look at message following the process.
What it is doing
When generating keys on a smartcard (e.g. OpenPGP Card) there is a backup of keys proposed. This backup does only include the encryption subkey (as it is in GnuPGs 'generate' function, probably used here). However there is no note to make sure that the user is aware of this limitation.
What it is expected
The user should get informed that a) the created backup is a backup of the encryption subkey only thus leaving the restored key unable to sign or authenticate as before and b) the subkey will be created locally on the machine thus exposing it if the machine is compromised. This is not the case if all keys are created on-card (without backup function).
Thanks for your efforts!
Kind regards
Alex
Log in to post a comment.