GPG, subkeys smartcard and computer

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Mon Feb 20 22:51:08 CET 2017


On 02/20/2017 05:49 PM, Peter Lebbing wrote:
> So perhaps one key per device is superior, also for detecting which client
> system was compromised by looking at the SSH auth logs on the server (supposing
> the attacker didn't gain root privileges and wiped his traces immediately). But
> I think it's not a very significant difference, or did I miss a scenario?

Revocation of the specific subkey is automatically picked up by all
systems due to automatic refresh of the public key at regular intervals,
without losing access to the system from non-compromised devices.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Qui audet vincit
Who dares wins
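
The per-device attribution discussed in this message, as an added example that is not part of the original thread: it matches the key fingerprints in sshd "Accepted publickey" log lines to one key per device and reports which device's key was used from an unexpected address. The device names, key blobs, log lines and the list of known addresses are constructed assumptions.

```python
import base64, hashlib, re, struct

def constructed_blob(seed):
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form sshd writes to its auth log."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Hypothetical device names, one authentication key per device.
DEVICE_KEYS = {d: constructed_blob(d.encode()) for d in ("laptop", "desktop", "smartcard")}

ACCEPTED = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def attribute_logins(log_lines, device_keys):
    """Return (device, user, source_ip) for every accepted public-key login."""
    by_fpr = {fingerprint(blob): dev for dev, blob in device_keys.items()}
    hits = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if m:  # failed or non-publickey lines are skipped
            user, ip, fpr = m.groups()
            hits.append((by_fpr.get(fpr, "unknown-key"), user, ip))
    return hits

def devices_seen_outside(hits, known_ips):
    """Devices whose key authenticated from an address not in known_ips."""
    return sorted({dev for dev, _, ip in hits if ip not in known_ips})

def _accepted(ip, device):
    return (f"Feb 20 10:01:02 host sshd[811]: Accepted publickey for alice from "
            f"{ip} port 50122 ssh2: ED25519 {fingerprint(DEVICE_KEYS[device])}")

# Constructed sample auth log (documentation address ranges).
SAMPLE_LOG = [
    _accepted("192.0.2.10", "laptop"),
    _accepted("192.0.2.11", "desktop"),
    "Feb 20 10:05:40 host sshd[902]: Failed password for alice from 203.0.113.7 port 40000 ssh2",
    _accepted("203.0.113.7", "laptop"),
]

if __name__ == "__main__":
    hits = attribute_logins(SAMPLE_LOG, DEVICE_KEYS)
    print(devices_seen_outside(hits, {"192.0.2.10", "192.0.2.11"}))
```

With one key per device, only the flagged device's subkey needs revoking; the other entries in DEVICE_KEYS keep working.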
