Full Workflow with Smart Card(s)

Adam Sherman adam at sherman.ca
Sun Jan 22 19:47:37 CET 2017

Good Afternoon All,

I would like to put together a full workflow for creating and using GPG.
Having read a few articles about using air-gapped systems and
Smartcards, I'm almost there.

I currently have a setup where the master key is on a USB key, which is
only inserted into an air-gapped system when required. Day-to-day
subkeys are stored on a Yubikey for regular use. This works.

But, using an air-gapped system to sign keys that you trust seems rather
unwieldy, particularly when you include in the process the need to copy
the public keys to media accessible by the air-gapped system.

Could a second smartcard be used to generate and store the master key,

What do others do?

Thanks for your input,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170122/e61fa428/attachment.sig>

More information about the Gnupg-users mailing list