Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?

tux.tsndcb at free.fr tux.tsndcb at free.fr
Mon Sep 28 11:22:57 CEST 2009


Hi Werner,

Thanks for this information.

Best Regards


----- Original Message -----
From: "Werner Koch" <wk at gnupg.org>
To: "tux tsndcb" <tux.tsndcb at free.fr>
Cc: gnupg-users at gnupg.org
Sent: Monday 28 September 2009 09:34:28 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: Why a full keys and sub keys backup are not proposed when keys and sub keys are done "on-card" ?

On Sun, 27 Sep 2009 20:59, tux.tsndcb at free.fr said:

> Thanks for your answer, I agree with you for the sign key, but for the
> authentication key, if it's used to ssh server connection on more than
> 100 servers for the user root for example, if you lost this key, you

It is always a tradeoff between security and convenience.  Most users
don't have access to that many machines and thus it is easier to use a
console login to replace the lost key than to have a backup somewhere
floating around.

It is anyway only the default and you can just replace the
authentication key with an on-disk created one.  Or manually initialize
the card using keytocard.

Another approach is to have a second card and also install its public
key on the servers.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



