Please remove MacGPG from gnupg.org due to serious security concerns
Werner Koch
wk at gnupg.org
Thu Feb 19 20:08:17 CET 2015
On Thu, 19 Feb 2015 18:15, js-gnupg-users at webkeks.org said:
> I don't really see how that is cumbersome if you have an alias for tag
> and for commit that each specify the key you want?
Because it is too easy to forget about it. And I would need to teag
Magit. I started to use a new key for commits. Let's hope that I don't
forget to tag the releases with the other key.
> As an aside, what's the reason for not signing the commits with the
> key on the card? I sign all my commits with the key stored on my
Because I have to enter the PIN everytime (right, I do this on purpose),
the RSA signatures a long, and I do not keep my signing key card
inserted all the time. In fact I have to walk out of the office to pick
it up.
Using a on-disk for commits is okay because it only serves the purpose
to assert that the commit was done on one of my machines. If that
machine has been compromised all kind of things can be manipulated and
thus it does the extra protection a smartcard gives is not useful.
Shalom-Salam,
Werner
ps. Here is the key I started to use for commits.
pub ed25519/E3FDFF218E45B72B 2015-02-18 [expires: 2025-02-15]
Key fingerprint = C1D3 4B69 219E 4AEE C0BA 1C21 E3FD FF21 8E45 B72B
uid [ unknown] Werner Koch (wheatstone commit signing)
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: </pipermail/attachments/20150219/03772936/attachment.sig>
More information about the Gnupg-users
mailing list