Long Term Key Management With Hardware Tokens
Brandon Anderson
brandon753.ba at gmail.com
Thu Jun 24 11:21:35 CEST 2021
>> concerned, you could use three. The probability that one card out of
>> ten will have a failure in a decade is far higher than the chance that
> You should also be concerned that malware bricks your (backup) card.
> You can only avoid that by using an always air-gaped box which is pretty
> inconvenient.
>
> Paper copies are actually much more reliable. I meanwhile scribble down
> the key using a pencil and paper. Modern keys are short enough to do
> that. (you should also note the creation date).
I am not arguing that paper copies are less reliable; of course, they
are; however, they are not as secure. I prefer greater security and key
protection at the risk of less key reliability. I would be ecstatic if
malware on my system chose to brick my smartcard over getting access to
decrypted communication that it could be snooping on. I personally would
prefer to lose access to my own data than let an adversary gain access
to it. That being said, if I could avoid losing access to my data by
having a proper redundant setup, I would prefer it.
>> all two or three cards will have a failure. Allowing retirement key
>> slots means you can easily choose your level of redundancy while still
>> keeping your keys on secure hardware only.
> Back to your original request. A new revision of the OpenPGP card is in
> the works and the plan is to add more key slots. Surely there will be
> some support for this in GnuPG. If you want support for the extra PIV
> slots, we first need to find a business case for this (its not just the
> development effort but also the future maintanence work which I have to
> consider).
First, if you are working on a new revision of the OpenPGP card, please
let me know if I can reasonably do anything to help. While I don't have
as much free time as I like, I am a software developer and would love to
help get this feature added if possible. With that being said, what do
you mean by a business case for this? Is there some format of a proposal
that you are particularly expecting, or is anything that outlines
options, benefits, risks, etc., sufficient?
Sincerely,
Brandon Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x255837AEF812E87E.asc
Type: application/pgp-keys
Size: 9076 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210624/663fa642/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210624/663fa642/attachment-0001.sig>
More information about the Gnupg-users
mailing list