Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
wk at gnupg.org
Mon Sep 28 09:34:28 CEST 2009
On Sun, 27 Sep 2009 20:59, tux.tsndcb at free.fr said:
> Thanks for your answer, I'm agree with you for sign key, but for the
> authentication key, if it's used to ssh server connection on more than
> 100 servers for the user root for example, if you lost this key, you
It is always a tradeoff between security and convenience. Most users
don't have access to that many machines and thus it is easier to use a
console login to replace the lost key than to have a backup somewhere
It is anyway only the default and you can just replace the
authentication key with an on-disk created one. Or manually initialize
the card using keytocard.
Another approach is to have a second card and also install its public
key on the servers.
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-users