Long Term Key Management With Hardware Tokens

Brandon Anderson brandon753.ba at gmail.com
Tue Jun 22 18:53:57 CEST 2021

> For the benefit of the archives, it is possible to encrypt outgoing 
> emails to your own key as well as the recipient's key, which ensures 
> that the sent-mail folder is readable by the sender. Most email 
> clients will do so by default (e.g. mutt, thunderbird/enigmail), and 
> in most such clients all you need to do to re-encrypt to the 
> recipient's new subkey is "Edit" -> "Send" or similar. So in the 
> general case this is a reasonable request, although it cannot be 
> relied upon (of course).
Good to know; I will look into my settings.

>> the PIV functions only support 2048 RSA and NIST curves. The only card
> That's per PIV specs.

I assumed as much; otherwise, there would be more offerings. There are 
x509 certificate cards/HSM smartcards like the one I posted that offer 
more than the PIV spec, but again it's a question of how compatible they 
are to work with GPG; my initial guess is it would be a lot of work.

> Frankly, I am not convinced about the retirement slots on the card.
> They are of course useful if you rotate you key.  But the question is
> why you want to do this given that the keys are anyway securely stored
> on a card.
If a key truly lived and died on a single secure device, and that was 
your only concern, then yes, it would not be helpful. I am thinking 
about my situation: I have two Yubikeys in everyday use and a GPG 
smartcard in a safe. I imagine a scenario where one of the Yubikeys 
dies, is lost or is stolen. In all of those situations, the encryption 
key and the other device-specific keys would need to be revoked and a 
new one issued. The GPG card in the safe would store the old encryption 
key in a retired key slot so I can decrypt old emails. If I did, for 
example, annual key rotations and only stored the retired keys on the 
card in the safe, then in the event one of my Yubikey's was stolen, and 
the thief could guess or know the pin, the only data at risk would be 
what was encrypted since the last key rotation. Whether it is reasonable 
to assume that a thief could know your pin or not is purely a matter of 
your risk tolerance (a keylogger on one of the computers you used, 
etc.). Another reason the encryption key might want to be rolled is if 
you are adding another new secure device to your existing set and you 
want it to be able to decrypt messages. Since ideally, the encryption 
key would only exist on the secure hardware, and there would be no way 
to give a new token the existing encryption key so that you would roll a 
new encryption key on all the devices.
Many tutorials, examples, and articles that are talking about using 
Yubikeys and smartcards currently suggest making paper backups of the 
encryption key so you can add it to new devices if needed. But this, at 
least to me, feels like it's significantly reducing the value of using 
secure hardware like smartcards in the first place. Having the keys only 
ever exist on secure hardware, including the backups, would make this 


Brandon Anderson

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x255837AEF812E87E.asc
Type: application/pgp-keys
Size: 9076 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210622/aed109eb/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210622/aed109eb/attachment.sig>

More information about the Gnupg-users mailing list