This application implements "The OpenPGP card" specification revision 3.0. This specification is available in doc directory and at https://g10code.com/p-card.html .
This application implements "The OpenPGP card" specification revision 3.3. This specification is available in doc directory and at https://g10code.com/p-card.html .
The application supports:
@ -169,7 +169,6 @@ The full menu layout is :
| RSA 3072
| RSA 4096
| NIST P256
| Brainpool 256R1
| ED25519
| Set Template
| Seed mode
@ -195,6 +194,7 @@ The full menu layout is :
| A "**+**" after the entry label means current value.
Device Info
-------------
@ -213,6 +213,8 @@ encode the current slot value.
Select Slot
-------------
This menu is only available on ``XL`` version
A Slot is a set of
three key pairs *Signature, Decryption, Authentication* as defined by gnupg
specification.
@ -264,7 +266,6 @@ Supported curve name are:
- secp256k1 with tag 19
- nistp256 with tag 19
- brainpoolP256r1 with tag 19
- cv25519 (only for key 2)
- ed25519 with tag 22 (only for key 1 and 3)
@ -860,8 +861,8 @@ generate the two other under a new identity and will erase existing keys
on the current slot on the device.
Nevertheless, if you want to use a different identity for ssh login, you can use
another slot on the device. See `Nano S OpenPGP Card application explained`_
and `Generate new key pair`_.
another slot on the device. See `Nano S OpenPGP Card application explained`
and `Generate new key pair`.
Add sub-key
@ -1078,6 +1079,166 @@ Now, if everything is correctly setup and running, an ``ssh-add -l`` should sho
And you should be able to ssh to your remote server with your gpg key!
Backup and Restore
------------------
Introduction
~~~~~~~~~~~~
"The OpenPGP card" specification does not provide any mechanism for backuping you key.
Thus if you generate your keys on device and loose it, you definitively loose you private key.
In order to avoid such extreme panic situation, a backup/restore mechanism is provided.
At any time you can backup a snapshot of your device data, including your private keys.
All public data are retrieve in clear form. The private key are stored
encrypted with a key derived from your seed, i.e. from your 24 BIP words.
The backup/restore tool is located in ``pytools`` directory: