Primary and Signing Key on Different Smart Cards
Peter Lebbing
peter at digitalbrains.com
Mon Nov 21 12:08:29 CET 2016
On 20/11/16 22:50, Anton Marchukov wrote:
> I think you will have to keep it as backup too in case you will want
> to add another smartcard with a new subkey to an existing key or not?
Oh, good point! Maybe it's possible without on-disk keys, I'll try it
out later. Otherwise: yes, it would be impossible to add new subkeys.
> Although if air gaped machine is secure then encrypting backup using
> the smartcard itself and removing the unencrypted copy will do the
> trick as well.
I'm not too sure about "removing the unencrypted copy", though. I'd much
rather not have the key hit the disk anyway. By using a Linux Live CD
and physically removing the cable from the hard disk.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list