Smart card

Corey Sheldon sheldon.corey at openmailbox.org
Tue Apr 4 12:41:56 CEST 2017


On 4/4/17 6:46 AM, Jan Koppe wrote:
> Hello Will,
>
> somewhat off-topic, but..
>
> On 04.04.2017 01:18, Will Senn wrote:
>
>> If this has been addressed recently, my apologies, I couldn't find a
>> search interface for gnupg-users...
> You can use a google query like this:
> "site:https://lists.gnupg.org/pipermail/gnupg-users/ <searchterm>"
>
> This restricts the search to only the list archive.
>
> Regards,
> Jan
>
Hello there.

Firstly, congrats on your journey to learn the intimacy of a more secure
lifestyle. You mention you have ~6 devices with keys. Generally it is
advised to have a 'Master' set which would be backed up on a smartcard
(in my case a Yubikey 4, a USB-sized smartcard with the smartcard/gpg
applet cooked into the device), with `portable` keychains on the 6
devices. Preferably these have at least 1 subkey each that can be used
to maintain trust chains, god forbid the main key or conversely the
subkey is lost/compromised, as keys/subkeys are linkable via some small
portion of the key data. Purchasing smartcard(s) in your case would be
advisable, as you are on multiple devices, and having a portable subkey
on your other devices and the master key(s) on your smartcard would also
provide a sense of hardware-based 2FA and make the keys otherwise
rather useless for anyone else. Due to form factor I'm a bit biased to
the USB form factor; also, they tend to have the lowest bar of entry, as
any PC I've encountered built post 1980 has a USB 1.0+ port. In this
context "smartcard" refers to the device type, not a technology per se,
but a method/device to implement said technology (gpg among others).

Something else to consider is that not all smartcards are equal: some
merely hold gpg keys, some like Yubikeys have other 2FA technologies
onboard like X.509 keys (in a secure element storage on the device) and
OTP (Yubicloud, TOTP, HOTP, Chal-Resp, etc.). So consider these things
more thoroughly and then research brands from there, revisiting this
list if needed.

Respectfully,

-- 
Corey W Sheldon
ph: +1 (310).909.7672
Personal:0x90DD92F222C15DC2 || A897 3F1B A97B 33BC 5F73  CBBE 90DD 92F2 22C1 5DC2 
Fedora:0x32C80DA97E25CEFE || 0DB4 A35F 22B9 C6DF 0F56  BEB8 32C8 0DA9 7E25 CEFE
Ameridea (Admin):0x5C9AB5EC2C5CA3DA || 420D 115E 791D F34F C445  BEC1 5C9A B5EC 2C5C A3DA
Freelance IT Consultant, Multi-Discipline Tutor
Fedora AmbaNA (linuxmodder)
Ameridea LLC Founder, CEO

Find me elsewhere:
https://gist.github.com/linux-modder/ac5dc6fa211315c633c9

"One must never underestimate the power of boredom...from which creativity and laziness are borne, which can spark great works of chaos and genius."  --Anonymous

"Any man willing to retreat freedom for security is deserving of neither." (Pp) -- Benjamin Franklin.  
