What are some threats against which OpenPGP smartcards are useful?

Christoph Groth christoph at grothesque.org
Tue Jan 7 23:58:44 CET 2020


Robert J. Hansen wrote:
> On 2020-01-06 18:26, Christoph Groth wrote:
> > 
> > But then he also mentions his 128-bit passphrase and that he would
> > be OK to publish his (passphrase-protected) private key in
> > a newspaper.  Why then not store it on the disks of multiple
> > computers?
>
> Hint: because the phrase "forensics lab" is extremely important in
> what I wrote.
>
> (...)

Thanks a lot for the explanation, Rob.  Now I understand what you
meant.

> But, outside of that laboratory environment, I didn't -- still
> don't -- need to use a smartcard.  Usually I just keep the key on the
> hard drive of whatever machine I'm using.

How about the alternative of keeping small USB keycards (like a Yubikey
nano) permanently plugged into the machines that you are using?
Assuming that you trust the keycards to keep their secrets, wouldn’t
that provide at least the advantage of a much shorter passphrase?  Are
there any security disadvantages of such a scheme?

By the way, I would still be interested in expert opinion about the last
paragraph of my original mail, in case someone could spare the time.