problem signing with a smart card
Antoine Michard
antoine.michard at chezgeek.fr
Thu Jan 21 13:01:39 CET 2016
> But do note well that if you generate a new encryption subkey, you can
> no longer use the smartcard to decrypt stuff encrypted to the old
> encryption subkey! I'd hate for you to just go ahead and discover you've
> just thrown out your only copy of the encryption subkey...
I've made my master key on a computer offline and then use addcardkey
command to add subkey on my card. I don't have backup and you say that
if I lost my card I lost my encrypt file ?? So why people use subkey ??
Maybe only for people who have his key sign by other... :(
I love GnuPG and crypto, but it's hard to find good information on it
Antoine Michard
GPG Key: 0xF5C9E7CD0882B381
Le 21/01/2016 11:13, Peter Lebbing a écrit :
> On 21/01/16 09:54, Tzafrir Cohen wrote:
>> So I guess I should just create new subkeys in the card.
>
> That's fine for the signature key, although you could also extend its
> expiration date. But rotating signature keys is generally no more work
> than distributing the extended expiration date, so IMHO you might as
> well generate a new one.
>
> But do note well that if you generate a new encryption subkey, you can
> no longer use the smartcard to decrypt stuff encrypted to the old
> encryption subkey! I'd hate for you to just go ahead and discover you've
> just thrown out your only copy of the encryption subkey...
>
> By the way, in my opinion, you should always have a backup of your
> encryption subkey if it's on a card, because cards can break.
>
> HTH,
>
> Peter.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160121/20b91b19/attachment-0001.sig>
More information about the Gnupg-users
mailing list