On 19/02/17 13:45, Andrew Gallagher wrote:
> In my personal experience, monkeysphere has correctly added all
> valid A subkeys.

Thanks for the clarification.

> But I have a niggling doubt that I once read complaints from somebody
> somewhere (not helpful, I know) that whatever system they were using
> had trouble with multiple valid A subkeys.

Only one way to get this knowledge to the surface: we obviously need to
advise everybody to generate multiple A subkeys so somebody will
complain it doesn't work! Just kidding :).

> And in the case of A and S, there's next to no benefit

I agree. I can't think of a compelling reason to use multiple ones; all
things considered, the added hassle is the larger factor in every
scenario I could think of just now. If you can't duplicate your A or S
subkey when you want to, for instance because you have it on smartcard
only, it's just as easy to create a new key and overwrite the old one on
the smartcard. Then you can just use your new subkey everywhere from
now on. Just watch out you do it in the right order with respect to A
keys: first roll out the new key on all systems you want to authenticate
to, and only then overwrite your old key on your smartcard :-).

However, maybe someone has come across a reason to do it where it would
be worth the hassle. There certainly are people using multiple S subkeys.



