Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
tux.tsndcb at free.fr
Mon Sep 28 11:22:57 CEST 2009
Hi Werner,
Thanks for this information.
Best Regards
----- Original Message -----
From: "Werner Koch" <wk at gnupg.org>
To: "tux tsndcb" <tux.tsndcb at free.fr>
Cc: gnupg-users at gnupg.org
Sent: Monday 28 September 2009 09:34:28 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?
On Sun, 27 Sep 2009 20:59, tux.tsndcb at free.fr said:
> Thanks for your answer, I agree with you for sign key, but for the
> authentication key, if it's used to ssh server connection on more than
> 100 servers for the user root for example, if you lost this key, you
It is always a tradeoff between security and convenience. Most users
don't have access to that many machines and thus it is easier to use a
console login to replace the lost key than to have a backup somewhere
floating around.
It is anyway only the default and you can just replace the
authentication key with an on-disk created one. Or manually initialize
the card using keytocard.
Another approach is to have a second card and also install its public
key on the servers.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
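
The second-card approach suggested above only helps if the backup card's public key is actually present on every server. The following is an added example, not part of the original thread: a Python check that compares keys by their blob (ignoring options and comments) and appends a missing card key once. All names and the key material are constructed for illustration.

```python
import base64
import re
import struct

KEY_FIELD = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-\S+)\s+([A-Za-z0-9+/]+=*)')

def key_id(line):
    """(type, blob) of an authorized_keys or .pub line; None if no key.
    Options and the trailing comment are ignored on purpose."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    for ktype, b64 in KEY_FIELD.findall(line):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # The SSH wire format repeats the type name at the start of the blob.
        if blob.startswith(struct.pack('>I', len(ktype)) + ktype.encode()):
            return ktype, blob
    return None

def missing_cards(authorized_keys, card_pubkeys):
    """Names of cards whose public key is not installed in the file text."""
    installed = {key_id(l) for l in authorized_keys.splitlines()} - {None}
    return [n for n, pub in card_pubkeys.items() if key_id(pub) not in installed]

def ensure_cards(authorized_keys, card_pubkeys):
    """File text with each missing card key appended exactly once."""
    out = authorized_keys
    if out and not out.endswith('\n'):
        out += '\n'
    for name in missing_cards(authorized_keys, card_pubkeys):
        out += card_pubkeys[name].strip() + '\n'
    return out

def constructed_pub(seed, comment):
    # Constructed placeholder, not a usable key: valid framing, dummy body.
    blob = struct.pack('>I', 7) + b'ssh-rsa' + seed * 32
    return 'ssh-rsa %s %s' % (base64.b64encode(blob).decode(), comment)

CARDS = {'primary-card': constructed_pub(b'\x01', 'cardno:PRIMARY'),
         'backup-card': constructed_pub(b'\x02', 'cardno:BACKUP')}
# Constructed server file: the primary key only, with options and another comment.
SAMPLE = ('from="10.0.0.0/8",no-agent-forwarding '
          + constructed_pub(b'\x01', 'root@console') + '\n')

if __name__ == '__main__':
    print('missing before:', missing_cards(SAMPLE, CARDS))
    print('missing after: ', missing_cards(ensure_cards(SAMPLE, CARDS), CARDS))
```

Run against each server's copy of the file, an empty result from `missing_cards` means losing one card does not lock the account out.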