Migrating key to smartcard

Peter Lebbing peter at digitalbrains.com
Wed Jul 6 20:23:21 CEST 2016


On 06/07/16 10:25, Damien Goutte-Gattat wrote:
> True enough. In my case, I try to minimize the risk of human error by
> using a script which automatically brings the key online (from its
> offline USB storage), executes a single GnuPG command, then remove the
> key again.

What is the threat model that this procedure thwarts?

I don't think this is what is usually meant by an "offline primary key".
The idea is that you have a separate computer for your primary key, not
that you import it now and then. Unless I misinterpreted it myself.

What's the practical difference between only typing in the password for
the primary key when you need it and only storing it on local disk when
you need it? I think usually a compromised PC doesn't spontaneously
become uncompromised later on, it stays compromised. As soon as you use
the primary key, it is compromised as well. And as long as you don't
type your high quality passphrase, good luck to an attacker with just
your encrypted key, they shouldn't be able to use it.

I myself have my primary key on a different smart card than the subkeys.
With GnuPG versions before 2.1, this required some "packet surgery",
it's not really well supported. I think 2.1 will happily do this out of
the box.

By the way, I'm implying that you use a different passphrase for your
primary key than for your subkeys. Again, with 2.1, easy, before that,
packet surgery, I think.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list