what are the sub keys

Jerome Baum jerome at jeromebaum.com
Tue Mar 22 23:37:21 CET 2011

Grant Olson <kgo at grant-olson.net> writes:

> On 03/22/2011 05:22 PM, Jerome Baum wrote:
>> Are  you talking  about the  option of  moving a  key to  a  smart card?
>> Because  if  I  generate  it   on-card,  I  won't  have  the  option  of
>> RSA-4096. And will "average Joe" really  move his key to a smart card if
>> he  generated  it off  card?   And does  that  actually  make any  sense
>> considering it wasn't originally generated on-card?
> Plenty of people move existing keys to smart cards.  Generating a key
> on-board is more secure, but then you're left dealing with two keys.
> The old software one, and the new smart card one.  And if you've still
> got an old software key to deal with, then what's the benefit of a smart
> card anyway?  And the new key doesn't have any of your existing signatures.

So, I move  my key to a smart  card to gain the illusion  that it's more
secure, while it practically isn't (at least not much more).

Personally,  I'd generate  one  on-card  and sign  it  with my  off-card
key. Then collect new signatures on the on-card key.

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: </pipermail/attachments/20110322/f810caa9/attachment.pgp>

More information about the Gnupg-users mailing list