Unattended signing

Peter Lebbing peter at digitalbrains.com
Wed Feb 25 10:56:07 CET 2015


On 25/02/15 06:49, NdK wrote:
> Use a smartcard and generate on-card a new key that replaces the expired
> one.

While I agree this could be a neat setup for OP, it might be overkill or even
impractical given the signing speed of a smartcard. I don't know what volume of
signatures will be issued.

Anyway, I said "destroy backups". I would arrange for backups not to include the
signing key in the first place. If the system needs to be restored from backup
(which would be very seldomly), just issue a new signing key.

Still, you might have forgotten to exclude it on a one-off backup you made at
one time or another.

And the point was that it is not /needed/ to destroy the key, so I'll stop
focussing on destroying the key... heh... :S

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list