Unattended signing
Peter Lebbing
peter at digitalbrains.com
Wed Feb 25 10:56:07 CET 2015
On 25/02/15 06:49, NdK wrote:
> Use a smartcard and generate on-card a new key that replaces the expired
> one.

While I agree this could be a neat setup for OP, it might be overkill or even
impractical given the signing speed of a smartcard. I don't know what volume of
signatures will be issued.

Anyway, I said "destroy backups". I would arrange for backups not to include the
signing key in the first place. If the system needs to be restored from backup
(which would be very seldom), just issue a new signing key.

Still, you might have forgotten to exclude it on a one-off backup you made at
one time or another.

And the point was that it is not /needed/ to destroy the key, so I'll stop
focussing on destroying the key... heh... :S

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>