GPG, subkeys smartcard and computer

Peter Lebbing peter at
Mon Feb 20 17:49:55 CET 2017

On 20/02/17 16:25, Kristian Fiskerstrand wrote:
> Wouldn't consider this accurate, the typical use case for multiple A
> subkeys is per-device usage, explicitly to avoid having to revoke all if
> one is compromised.

Well, if you use only one, "revoke all" is still "revoke one" ;). It's not the
revocation step that gets any bigger, it's just that you need to roll out the
new key to all your client systems instead of just the server systems.
Personally, the number of server systems I use is way larger than the number of
client systems. Over all, I don't think it's that much more work, given it's a
rare occurence anyway (I hope).

With A per system:

1) Create new key on compromised system
2) Roll out new key to all server systems
3) Revoke old key on all server systems

With just one A:

1) Create new key
2) Roll out new key to all client systems
3) Roll out new key to all server systems
4) Revoke old key on all server systems

Steps 3 and 4 are more work than step 2. I have login credentials for at least
11 systems off the top of my head, yet only 3 client devices I regularly use [1].

When all your server systems automatically pick up on OpenPGP auth subkeys from
a keyserver, or when you use OpenSSH's CA mechanism, steps 3) and 4) are pretty
much automatic, in which case indeed step 2) would dominate and one key per
device once again wins.

So perhaps one key per device is superior, also for detecting which client
system was compromised by looking at the SSH auth logs on the server (supposing
the attacker didn't gain root privileges and wiped his traces immediately). But
I think it's not a very significant difference, or did I miss a scenario?

My 2 cents,


[1] However, I have four different auth keys on those clients, three on-disk,
one per system and one smartcard I only use on a single one of those systems. I
actually use one key per client, but note that I don't have multiple A-capable
OpenPGP subkeys. All my on-disk keys are just regular ol' OpenSSH keys, and I
think then one key per device is a much cleaner setup indeed.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170220/072053e2/attachment.sig>

More information about the Gnupg-users mailing list