GPG, subkeys smartcard and computer
Stefano Tranquillini
stefano.tranquillini at gmail.com
Sun Feb 19 09:41:24 CET 2017
Thanks,
Sorry for the double messages, I sent the first before subscribing to the
list and I thought it was not forwarded to the mailing list.
Briefly:
- use tails to generate master (default settings) and subkeys
- export the public key and fingerprints
- backup master to a cold storage
- export the subkeys for later usage
- move the subkeys into the laptop
I'll skip the smart card for now; I'll only generate and add to it an A subkey
for accessing ssh in case I'm away from the PC. I think I can have multiple A
subkeys, unlike E keys where only the last is used, and use them to ssh into
servers if all these subkeys are added to the server.
Regarding the rest:
On Fri, Feb 17, 2017 at 3:11 PM, Andrew Gallagher <andrewg at andrewg.com>
wrote:
> ... cut ...
>
> If you run "keytocard" and then save your changes, you will delete the
> on-disk copy of those subkeys. They will only then exist on the
> smartcard. I normally don't recommend this, as it means you have no way
> to back up your E subkey, and if your smartcard breaks you then lose
> access to all data encrypted to it. If you are keeping your master
> offline, there is IMO little extra risk in also keeping an offline
> copy of your E subkey. In order to do this, once you run "keytocard" on
> all three subkeys you should immediately quit gnupg *without saving*.
> This will ensure that the on-disk copy is not deleted.
>
Wait, if I have a subkey E (called E1) and I lose it (e.g. it was on the
smartcard),
can't I create a new E (called E2) from my master and decrypt the data? Or
is the encrypted data decryptable only by the exact E (E1 in this case)
that was used to encrypt it?
Can't I export the subkeys to a file and backup that file and then move
the keys to the card? Will I be able to restore the keys if they get lost?
Sending you a separate email for the script (which seems to be the one you have
on the website)
--
Stefano