GPG, subkeys smartcard and computer

Andrew Gallagher andrewg at andrewg.com
Sun Feb 19 13:45:08 CET 2017


> On 19 Feb 2017, at 11:19, Peter Lebbing <peter at digitalbrains.com> wrote:
> 
>> On 17/02/17 15:11, Andrew Gallagher wrote:
>> Some systems will only authenticate against the most recently created
>> A subkey.
> 
> I have no personal experience, but I think it's possible this relates to
> MonkeySphere handling the authorized keys on the server?

In my personal experience, monkeysphere has correctly added all valid A subkeys. But I have a niggling doubt that I once read complaints from somebody somewhere (not helpful, I know) that whatever system they were using had trouble with multiple valid A subkeys. 

The main reason I am wary of having multiple subkeys for the same usage is that it just adds more complexity to an already complex system. In the case of E, multiple subkeys cause utter chaos. And in the case of A and S, there is next to no benefit - if one of your subkeys is lost you should revoke it immediately anyway, and you can generate a new subkey while you're at it. Having an extra subkey generated in advance only gives you a tiny window of extra utility.

Andrew. 


