I have a USB device that feeds high-quality random data directly into the Linux kernel entropy pool. Will the Crypto-stick use this when generating keys on the card, or should I just generate subkeys off the card, keytocard them, and then delete the originals? Where is the crypto-stick getting its entropy for creating keys?
Two options exist to generate keys with the Crypto Stick:
A) Generate keys directly on the device. In this case its own true random generator is used. However, in order to allow backups, I recommend the second option:
B) Generate keys on the computer and import them afterwards. It sounds more difficult than it is. Actually in GnuPG you just need to enable the option of creating backup keys while generating the keys “as normal” on the device. In this case the computer’s random source is used (e.g. /dev/random).