problem signing with a smart card

Antoine Michard antoine.michard at chezgeek.fr
Thu Jan 21 17:30:55 CET 2016


Thanks Andrew and Peter for your advice.

Of course it is my old encryption key and I have data encrypted with it,
but there are not a lot of files (maybe except for pass* :-/ ).
I will think about how to proceed, back up the master key before beginning,
and hope I haven't forgotten any encrypted data...

I haven't heard about monkeysphere, but I've found the website so I will
study it :)

Thanks for everything :D

Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

On 21/01/2016 16:24, Andrew Gallagher wrote:
> On 21/01/16 15:13, Peter Lebbing wrote:
>> On 21/01/16 15:47, Andrew Gallagher wrote:
>>
>>>> PS2: I can do the same with my authentication key, because if my key is
>>>> compromised, my SSH server doesn't know it! Right?
>>>
>>> Yes.
>>
>> Let's talk about two separate issues:
>>
>> - If the smartcard breaks, you don't have access to the key anymore and
>> you need some alternative way of getting a new key authorized (the
>> normal way being to log in and add it to authorized_keys, but you can't
>> log in with the old key anymore because the smartcard broke).
>>
>> - If your authentication subkey is /compromised/, you can still log in
>> to the SSH server, install a new key by editing authorized_keys, and at
>> the same time remove the old key from there. However, so can your
>> attacker. Having a key backup doesn't help against compromise.
> 
> Yes to all the above. I'd just point out that the same considerations
> apply to any lost vs. stolen authentication token (e.g. password).
> 
> A
> 
