Migrating key to smartcard

Dashamir Hoxha dashohoxha at gmail.com
Wed Jul 6 19:41:22 CEST 2016


On Wed, Jul 6, 2016 at 10:25 AM, Damien Goutte-Gattat <
dgouttegattat at incenp.org> wrote:
>
>> Storing the master key offline and having to import it whenever I want
>> to sign other keys might actually decrease security, since it offers
>> enough of a possibility to mess things up
>>
>
> True enough. In my case, I try to minimize the risk of human error by
> using a script which automatically brings the key online (from its offline
> USB storage), executes a single GnuPG command, then removes the key again.
>
> If you are interested, I've written a blog post [1] in which I give an
> example of such a script.
>

I would suggest the script key2dongle which is part of egpg:
 - https://github.com/dashohoxha/egpg/wiki/gnupg-2.1-key2dongle
 - https://github.com/dashohoxha/egpg/blob/gnupg-2.1/src/ext/cmd_key2dongle.sh

It implements the symlink solution described at the end of Damien's
blog post.

Dashamir
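
[Added example, not part of the original message, and neither Damien's script nor egpg's key2dongle.] A sketch of the "bring the key online, run one command, remove it again" wrapper discussed in this thread, done with a temporary symlink so the key is taken offline again even when the command fails. The function name, exit codes and paths are hypothetical; it assumes the GnuPG 2.1 layout of one <keygrip>.key file per secret key under private-keys-v1.d.

```shell
#!/bin/sh
# Added example (constructed). Assumes the GnuPG 2.1 layout, in which each
# secret key is a file $GNUPGHOME/private-keys-v1.d/<keygrip>.key, and an
# offline copy of that file on mounted removable media.
#
# Usage (placeholders, not real values):
#   with_offline_key /media/usb/keys <KEYGRIP> gpg --edit-key <KEYID>

with_offline_key() {
    [ "$#" -ge 3 ] || { echo "usage: with_offline_key DIR KEYGRIP CMD..." >&2; return 2; }
    offline_dir=$1 keygrip=$2
    shift 2
    src=$offline_dir/$keygrip.key
    dst=${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d/$keygrip.key

    # A relative link target would dangle, so insist on an absolute path.
    case $offline_dir in
        /*) ;;
        *) echo "offline dir must be absolute: $offline_dir" >&2; return 2 ;;
    esac
    [ -f "$src" ] || { echo "offline key not found: $src" >&2; return 2; }

    # Only ever remove what this function created: refuse to run if
    # something (file or stale link) already sits at the destination.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "refusing to replace existing $dst" >&2
        return 3
    fi

    (
        # Take the key offline again however the command ends: success,
        # failure, or interruption (signals are turned into a normal exit
        # so the EXIT trap also fires in shells such as dash).
        trap 'rm -f "$dst"' EXIT
        trap 'exit 130' INT TERM HUP
        # A link, not a copy: key material is never written to the online disk.
        ln -s "$src" "$dst" || exit 4
        "$@"
    )
}
```

gpg-agent may still hold the passphrase in its cache after the link is gone; `gpgconf --kill gpg-agent` clears it.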