riseup.net OpenPGP Best Practices article

Viktar Siarheichyk vics at eq.by
Fri Jun 27 12:45:42 CEST 2014


On 26.06.2014 23:28, Paul R. Ramer wrote:
> On June 26, 2014 8:26:16 AM PDT, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> 
>> As for arguments about use on smartcards -- if you plan to get a 
>> smartcard, and you have a primary key that is too large for it, you
>> can always generate and publish new subkeys that will fit in your 
>> smartcard. If that's the tradeoff that seems the most secure for
>> you, that's fine, and the fact that you were using stronger keys in
>> your non-smartcard implementation doesn't hurt you at all.
>> Smartcards are not a good reason to object to larger keysizes for
>> people who don't use smartcards.
> 
> Actually, it is for those of us who prefer smartcards.  I was once a
> newbie trying to use a smartcard. Repeated emphasis on having only a
> 4k key can create the impression that a smartcard is not strong
> enough, that it is weaker because it can only go up to 3072 bits
> (depending on the card).
> 
> The reason for me to have a smartcard was to physically separate the
> key from the computer.  Using a key that is too large for the
> smartcard does not fit my purpose for having one.

I got an FSFE Fellowship card and an OpenPGP SmartCard V2 from
kernelconcepts.de (both were received early this year) and they both
happily support 4096-bit keys. I do not know about YubiKey NEO "an
experimental OpenPGP applet" though.
