Long Term Key Management With Hardware Tokens

Brandon Anderson brandon753.ba at gmail.com
Tue Jun 22 08:47:47 CEST 2021


> If you know the recipient, then solving the latter is easy. Ask the
> recipient to resend the message encrypted with your new key.
>
In my setup, when something is sent, only the encrypted mail is sent to 
my sent folder, so if I were asked as you suggest, I would have no way 
to send the letter without rewriting it; I assume this is true for 
others as well. But even so, if it's old mail, the request may be 
impossible.

> GnuPG 2.3 does support PIV smartcards and you can create OpenPGP keys
> (and X.509 certificates/certificate requests) for those card keys. So far,
> only the standard key slots are supported, but I guess adding support for
> retired keys wouldn't be too hard. So, you could consider using PIV tokens
> as hardware tokens.
>
I will look into that. Do you know of any PIV cards that support the 
25519 curve? Unfortunately, while the Yubikey supports 25519 for GPG, 
the PIV functions only support 2048 RSA and NIST curves. The only card I 
see so far that supports this is 
https://www.cardlogix.com/product/l-plus-hardware-security-module-hsm-card/, 
but I am unsure what would be involved in getting it to work as I doubt 
it would be compatible out of the box with GPG; I will try to obtain one 
and experiment.

What would it take to add support for retirement key slots into the GPG 
smartcard specification? If retirement slots were added to the smartcard 
spec, then after several years, other smartcard implementations might 
add support for it over time. Is that something I could help contribute 
with?

> Well, you could re-encrypt everything encrypted to the retired keys
> with the new keys. This will make sure that you can still decrypt
> everything even if you kept tokens with the retired keys and those
> tokens die.
>
I thought about this as well. Having an encrypted offline copy of the 
decryption keys encrypted with a smartcard would have the same benefits 
as the limited password attempts and hardware security around the key. 
The problem is that whenever I need/want to decrypt old messages, I 
would have to set up an air-gapped system and, on that system, load the 
decryption key on a token, a rather tedious process. That being said, I 
will probably go with this option in the interim unless others have a 
better suggestion on how to do this. I would like to help if I could on 
adding key retirement slots to the smartcard specification if possible.

Sincerely,

Brandon Anderson
