Master Key Best Practice with SmartCard

Kristian Fiskerstrand kristian.fiskerstrand at
Mon Jan 25 14:58:05 CET 2016


On 01/25/2016 02:55 PM, Andrew Gallagher wrote:
> On 25/01/16 10:08, Antoine Michard wrote:
>> So I'm thinking what is the best to do next: - Delete my useless
>> first subkey encryption from my keyring and send update to key
>> server.
> Once you've published a subkey it stays published. Deleting a
> previously published subkey only removes it from your local
> machine. It won't stop others from finding it on the keyservers and
> trying to use it.
> If you want to explicitly mark a subkey as "do not use" (but you do
> not believe that it has been compromised), then give it an
> expiration date of yesterday and republish. There's no particular
> reason to delete your local copy of the subkey (and there may be
> very good reasons not to, e.g. old encrypted data).
> NB expiration can be undone, but revocation cannot.

While this is correct in a perfect world, in practice it depends on
the context, as expirations can only effectively be extended due to
the possibility for an attacker to remove the new self-sig and present
an older copy of the certificate to a third party. The same goes for
revocation; it is true that the keyservers are add-only and provide
some protection against it, but it is feasible for an attacker to
present this certificate without revocation data to a user that isn't
diligent with regards to keyring refreshes or by manipulation of the
update channel (e.g. a preference for fetching from a non-TLS URI rather
than a keyserver).

-- 
----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
----------------------------
Public OpenPGP key at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
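To make the two points in this exchange concrete (keyserver merges are add-only, but a stale copy of the certificate presented outside the refresh channel simply lacks the newest self-signature or revocation), here is an added Python toy model; it is not code from the thread or from GnuPG. `SelfSig`, `Cert`, `merge` and `stale_copy` are constructed for illustration, with days as a constructed time unit rather than real OpenPGP packets.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed toy model of an OpenPGP certificate as keyservers handle it:
# a set of self-signatures (each setting an expiry) plus an optional
# revocation. Illustration only, not a real OpenPGP packet parser.

@dataclass(frozen=True)
class SelfSig:
    created: int           # creation day (constructed unit, not unix time)
    expires: int | None    # expiry day set by this signature, None = never

@dataclass(frozen=True)
class Cert:
    fpr: str
    self_sigs: frozenset   # frozenset[SelfSig]
    revoked_at: int | None = None

def effective_expiry(cert):
    """Clients honour the newest self-signature, so the latest one wins."""
    return max(cert.self_sigs, key=lambda s: s.created).expires

def usable(cert, now):
    """Revoked, or expired per the newest self-sig, means not usable."""
    if cert.revoked_at is not None:
        return False
    exp = effective_expiry(cert)
    return exp is None or now < exp

def merge(local, incoming):
    """Keyserver / refresh semantics: add-only union, nothing is removed."""
    assert local.fpr == incoming.fpr
    rev = incoming.revoked_at if local.revoked_at is None else local.revoked_at
    return Cert(local.fpr, local.self_sigs | incoming.self_sigs, rev)

def stale_copy(cert, before):
    """What an attacker can present: every packet newer than `before` dropped.
    Signatures are detachable, so this needs no private key material."""
    rev = cert.revoked_at if cert.revoked_at is not None and cert.revoked_at <= before else None
    return Cert(cert.fpr, frozenset(s for s in cert.self_sigs if s.created <= before), rev)

def demo(now=100):
    published = Cert("FPR-EXAMPLE", frozenset({SelfSig(0, 365)}))   # day 0, 1-year expiry
    # Day 100: owner "expires it yesterday" and republishes, or revokes instead.
    expired = merge(published, Cert("FPR-EXAMPLE", frozenset({SelfSig(now, now - 1)})))
    revoked = merge(published, Cert("FPR-EXAMPLE", frozenset(), revoked_at=now))
    return {
        "honest_refresh_expired": usable(expired, now),                       # False
        "honest_refresh_revoked": usable(revoked, now),                       # False
        "rollback_of_expiry": usable(stale_copy(expired, 99), now),           # True
        "rollback_of_revocation": usable(stale_copy(revoked, 99), now),       # True
        "merge_after_rollback": usable(merge(expired, stale_copy(expired, 99)), now),  # False
    }
```

A client that merges whatever it is handed into an already-refreshed keyring loses nothing; only a client that trusts a presented copy without refreshing over the keyserver channel is fooled by the rollback.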

