what are the sub keys

Grant Olson kgo at grant-olson.net
Tue Mar 22 23:47:49 CET 2011


On 03/22/2011 06:37 PM, Jerome Baum wrote:
> 
> So, I move  my key to a smart  card to gain the illusion  that it's more
> secure, while it practically isn't (at least not much more).
> 

Why wouldn't it be more secure?  Before my key was encrypted but
available on disk, and available unencrypted in system memory.  Now it's
on a specialized smart-card, completely inaccessible to the OS.

History of my key.

1) Normal key for a few months.

2) Moved the primary key offline, only used subkeys on networked
computers, and did that for a few more months.

3) Moved the subkeys to a dedicated smart card.

Sure, I can't guarantee that the NSA or a Chinese Hacker didn't
compromise my keys a year ago, but I'm still much more secure now than I
was then.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 564 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110322/139d9f3a/attachment.pgp>


More information about the Gnupg-users mailing list