Long Term Key Management With Hardware Tokens

Brandon Anderson brandon753.ba at gmail.com
Thu Jun 24 11:21:35 CEST 2021

>> concerned, you could use three. The probability that one card out of
>> ten will have a failure in a decade is far higher than the chance that
> You should also be concerned that malware bricks your (backup) card.
> You can only avoid that by using an always air-gaped box which is pretty
> inconvenient.
> Paper copies are actually much more reliable.  I meanwhile scribble down
> the key using a pencil and paper.  Modern keys are short enough to do
> that.  (you should also note the creation date).
I am not arguing that paper copies are less reliable; of course, they 
are; however, they are not as secure. I prefer greater security and key 
protection at the risk of less key reliability. I would be ecstatic if 
malware on my system chose to brick my smartcard over getting access to 
decrypted communication that it could be snooping on. I personally would 
prefer to lose access to my own data than let an adversary gain access 
to it. That being said, if I could avoid losing access to my data by 
having a proper redundant setup, I would prefer it.
>> all two or three cards will have a failure. Allowing retirement key
>> slots means you can easily choose your level of redundancy while still
>> keeping your keys on secure hardware only.
> Back to your original request.  A new revision of the OpenPGP card is in
> the works and the plan is to add more key slots.  Surely there will be
> some support for this in GnuPG.  If you want support for the extra PIV
> slots, we first need to find a business case for this (its not just the
> development effort but also the future maintanence work which I have to
> consider).

First, if you are working on a new revision of the OpenPGP card, please 
let me know if I can reasonably do anything to help. While I don't have 
as much free time as I like, I am a software developer and would love to 
help get this feature added if possible. With that being said, what do 
you mean by a business case for this? Is there some format of a proposal 
that you are particularly expecting, or is anything that outlines 
options, benefits, risks, etc., sufficient?


Brandon Anderson

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x255837AEF812E87E.asc
Type: application/pgp-keys
Size: 9076 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210624/663fa642/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210624/663fa642/attachment-0001.sig>

More information about the Gnupg-users mailing list