Hi Daniel, On Mon, 16 Apr 2018, Daniel Kahn Gillmor wrote: > what do you see as the advantage of a hardware token for message > decryption given that the key will be transferred to main memory after
I don't see/use it as message decryption device. In about 20 years of gpg usage, I have received maybe 10 encrypted messages. For my the prime usage scenarios are: * signing as verification (uploads to Debian, git tags, ..) * using gpg key as ssh key In all these cases expired keys cannot be used anymore, thus also not abused. If someone has access to my computer and can decrypt one of the 10 messages, I really think I have a bigger problem than these 10 msgs. Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. + JAIST + TeX Live + Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
