Hi Malcolm and Tsu and thanks again.

I think Tsu reflects the difficulties I have found in using the Nitrokey instructions on their website including the absence of a blow by blow instruction for using pam_p11 on the Nitrokey Storage device and the fact that the Nitrokey instructions link for pam_p11 takes me to pam_pkcs11.

I am advised pam_pkcs11 can deal with either gpg type authorisation keys and X.509 cerificates, I have concluded however, given that poldi is not in openSUSE repo and receives little and infrequent support and I know nothing of the differences between pam_pkcs11 and pam_p11 that I would be better advised to stay with pam_p11. I see that poldi has now been built on openSUSE for which very many thanks, I may need to come back to that but will try first with pam_p11.

If I use the initial Nitrokey instructions for Key Creation with OpenPGP I can either generate keys on the Nitrokey device or generate them locally and copy them to the Nitrokey device. Before making this decision I have a question;

I already have a working key pair on my keyring so should I copy this keypair and required subkeys to the Nitrokey or would I be better starting afresh and not interfering with the existing key pair already in use.

If I start by creating a new key pair will this cause confusion with existing keys or would it be better to use the new keypair only for the Nitrokey login use.