what are the sub keys
Jerome Baum
jerome at jeromebaum.com
Tue Mar 22 23:37:21 CET 2011
Grant Olson <kgo at grant-olson.net> writes:
> On 03/22/2011 05:22 PM, Jerome Baum wrote:
>>
>> Are you talking about the option of moving a key to a smart card?
>> Because if I generate it on-card, I won't have the option of
>> RSA-4096. And will "average Joe" really move his key to a smart card if
>> he generated it off card? And does that actually make any sense
>> considering it wasn't originally generated on-card?
>>
>
> Plenty of people move existing keys to smart cards. Generating a key
> on-board is more secure, but then you're left dealing with two keys.
> The old software one, and the new smart card one. And if you've still
> got an old software key to deal with, then what's the benefit of a smart
> card anyway? And the new key doesn't have any of your existing signatures.
So, I move my key to a smart card to gain the illusion that it's more
secure, while it practically isn't (at least not much more).
Personally, I'd generate one on-card and sign it with my off-card
key. Then collect new signatures on the on-card key.
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: </pipermail/attachments/20110322/f810caa9/attachment.pgp>
More information about the Gnupg-users
mailing list