Long Term Key Management With Hardware Tokens

Brandon Anderson brandon753.ba at gmail.com
Wed Jun 23 06:53:13 CEST 2021

> Or is it money? Something else?
Money and usability are certain factors here. Most of these tokens are 
in the realm of $50 apiece; the GPG smart card, while closer to $20, is 
still another $30 in shipping, so it would be costly unless I purchased 
all ten upfront. Not to mention the user experience suffers; if I search 
my email archive for some old record, I have to look through ten 
different cards to find the correct one.
> If this single OpenPGP smartcard which holds all of your keys of the last
> decade breaks, what then? Then you have lost access to all encrypted documents
> of the last decade. If you'd  use separate OpenPGP smartcards instead, then
> you'd lose access to only one key rotation interval worth of old encrypted
> documents.
> Regards,
> Ingo

Having retirement key slots makes it easier, not harder, to have 
redundancy to protect against this. In my particular case, I would use 
two smart cards at the initial state as safe backups. If one was very 
concerned, you could use three. The probability that one card out of ten 
will have a failure in a decade is far higher than the chance that all 
two or three cards will have a failure. Allowing retirement key slots 
means you can easily choose your level of redundancy while still keeping 
your keys on secure hardware only.


Brandon Anderson

More information about the Gnupg-users mailing list