gnupg-pkcs11 status & future

Werner Koch wk at gnupg.org
Sun Feb 28 09:46:37 CET 2016


On Fri, 26 Feb 2016 16:02, peter at digitalbrains.com said:

>> Rotating does only make sense if you take the old key soon offline.
>
> Why is this the case? I must admit I'm fairly comfortable not rotating
> my keys (which are on OpenPGP smartcards). But I can think of lines of

I personally agree in the case of smartcard stored keys.  The OP
requested that feature for smartcards and I can see no use case for this
unless the old key will be remove from the smartcard after some time.

The threat model would be based on the premise that keys can extracted
from a smartcard with some effort and an offline stored or deleted key
is more safe.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list