Sunset of a smartcard encryption key
Stefan Claas
sac at 300baud.de
Sun Mar 8 00:11:55 CET 2020
Andreas K. Huettel via Gnupg-users wrote:
> Hi all,
>
> so here's a question that I'm sure people here have already been thinking
> about... Like probably many others here I have a gpg smartcard with three
> subkeys Sign, Encrypt, Authenticate, and an offline Certify master key at a
> safe place.
>
> * If I want to let my Signature subkey expire and generate a new one, that's
> not a big problem for me, since the public key is still available to everyone
> on the keyservers for verifying sigs.
> * If I want to let my Auth subkey expire and generate a new one, well I just
> need to add the new one to all authorized_keys files in time.
>
> But how do I sensibly handle a graceful sunset of an encryption key? If I
> replace the subkey on my card, I immediately can't read old e-mails anymore.
>
> If I had the key in a file, I could keep the old, expired subkey around and
> still decrypt the data, but that would kinda defy the security provided by
> the card...
>
> My best idea so far is to generate a second token (Nitrokey, Yubikey or
> similar) *only* for old encryption subkeys, and additionally plug that in if
> I need to read an old message. Does anyone already have experience with such
> a setup?
What I would like to know is how people handle the case when a SmartCard gets lost,
broken or maybe confiscated at an Airport etc.?
Why not use an encrypted harddisk (VeraCrypt etc.) for important documents and
files, which could be mounted on a dedicated offline computer (or maybe used
with an online computer) and, when not used, put in a safe place?
Regards
Stefan
--
Signal (Desktop) +4915172173279
https://keybase.io/stefan_claas
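The "second token only for old encryption subkeys" setup discussed in the quoted question works only if you can tell, before plugging anything in, which encryption subkey an old message was actually encrypted to. The following is an added example (not code from this thread or from GnuPG) that reads the public-key encrypted session key (PKESK) packets at the front of an OpenPGP message and maps each recipient key ID to the token that holds it. The sample message bytes and the token inventory are constructed for the example; the packet layout follows RFC 4880 (PKESK is packet tag 1, version 3, followed by an 8-byte key ID and the algorithm byte).

```python
"""Find out which encryption (sub)key IDs an OpenPGP message was encrypted to,
so the right card or archive token can be selected before decrypting."""
import struct


def parse_packet_header(data, offset=0):
    """Return (tag, body_offset, body_length) for the OpenPGP packet at offset.

    Handles both old-format and new-format packet headers (RFC 4880 4.2);
    partial-body and indeterminate lengths are rejected as unsupported.
    """
    ctb = data[offset]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header
        tag = ctb & 0x3F
        first = data[offset + 1]
        if first < 192:
            return tag, offset + 2, first
        if first < 224:
            length = ((first - 192) << 8) + data[offset + 2] + 192
            return tag, offset + 3, length
        if first == 255:
            return tag, offset + 6, struct.unpack(">I", data[offset + 2:offset + 6])[0]
        raise ValueError("partial body lengths not supported")
    # old-format header: tag in bits 2..5, length type in bits 0..1
    tag = (ctb >> 2) & 0x0F
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, offset + 2, data[offset + 1]
    if ltype == 1:
        return tag, offset + 3, struct.unpack(">H", data[offset + 1:offset + 3])[0]
    if ltype == 2:
        return tag, offset + 5, struct.unpack(">I", data[offset + 1:offset + 5])[0]
    raise ValueError("indeterminate length not supported")


def recipient_key_ids(message):
    """Return [(key_id_hex, pubkey_algorithm), ...] for every PKESK packet.

    A key ID of all zeros means an anonymous ("wildcard") recipient; it is
    returned as-is so the caller can see that trial decryption is needed.
    """
    recipients = []
    offset = 0
    while offset < len(message):
        tag, body, length = parse_packet_header(message, offset)
        if tag == 1:  # Public-Key Encrypted Session Key packet
            version = message[body]
            if version != 3:
                raise ValueError(f"unsupported PKESK version {version}")
            key_id = message[body + 1:body + 9].hex().upper()
            algorithm = message[body + 9]
            recipients.append((key_id, algorithm))
        offset = body + length  # skip the rest of the body (MPIs, ciphertext)
    return recipients


def tokens_needed(message, inventory):
    """Map each recipient key ID to the token label holding it (None if unknown)."""
    return {kid: inventory.get(kid) for kid, _ in recipient_key_ids(message)}


# Constructed sample message (not real gpg output): two PKESK packets addressed
# to an RSA key (algorithm 1), one with a new-format and one with an old-format
# header, followed by a SEIPD packet (tag 18) with a dummy body.
SAMPLE_MESSAGE = bytes.fromhex(
    "C10E"              # new-format header: tag 1, body length 14
    "03"                # PKESK version 3
    "0102030405060708"  # recipient key ID (constructed: current card)
    "01"                # public-key algorithm: RSA
    "0010ABCD"          # one MPI: 16 bits, dummy value
    "840E"              # old-format header: tag 1, one-octet length 14
    "03"
    "DEADBEEF00112233"  # recipient key ID (constructed: old, rotated subkey)
    "01"
    "0010ABCD"
    "D205"              # new-format header: tag 18 (SEIPD), body length 5
    "0100000000"        # dummy body
)

# Constructed inventory: which physical token holds which encryption subkey.
INVENTORY = {
    "0102030405060708": "current card",
    "DEADBEEF00112233": "archive token (old subkey)",
}

if __name__ == "__main__":
    for key_id, token in tokens_needed(SAMPLE_MESSAGE, INVENTORY).items():
        print(f"{key_id}: {token or 'no token known for this key ID'}")
```

On a real message you would first strip ASCII armor (`gpg --dearmor`) and pass the binary bytes to `recipient_key_ids`; `gpg --list-packets` shows the same key IDs in its `:pubkey enc packet:` lines, so the script is mainly useful when you want to decide automatically which of several tokens to insert.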