Didier 'OdyX' Raboud <o...@debian.org> writes:

> On Sunday, 31 March 2024, 14:37:08 CEST, Pierre-Elliott Bécue wrote:
>> I would object against creating a PGP key on the HSM itself. Not having
>> the proper control on the key is room for disaster as soon as you lose
>> it or it dies.
>
> For subkeys, isn't that a benefit rather than a disadvantage?
>
> You lose the key, or it gets destroyed / unusable; good, you get a new subkey
> instead of reusing the existing one on a different HSM.

For the authentication and signing subkeys this is indeed true. For the encryption subkey significantly less so (as things encrypted against that key then become impossible to decrypt).

Personally I have generated the signing and authentication subkeys on the HSM itself (and thus at least in theory they cannot leave the HSM), and the encryption subkey I have generated on an airgapped system and stored on the HSM after making a couple of backups.

-- 
Arto Jantunen
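
An added example, not part of the original message: a small audit of `gpg --list-secret-keys --with-colons` output that flags encryption subkeys held on a token, the case the reply singles out as needing a backup. The function name `classify_subkeys` and the sample key IDs and token serial number are constructed for illustration.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output; the
# key IDs and the token serial number are made up.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1700000000:::u:::scESCA:::#:::23::0:
uid:u::::1700000000::AAAA::Example User <user@example.org>::::::::::0:
ssb:u:255:22:2222222222222222:1700000000::::::s:::D2760001240103040006123456780000::ed25519::
ssb:u:255:22:3333333333333333:1700000000::::::a:::D2760001240103040006123456780000::ed25519::
ssb:u:255:18:4444444444444444:1700000000::::::e:::D2760001240103040006123456780000::cv25519::
"""


def classify_subkeys(colons):
    """Classify each secret (sub)key by its own capabilities and where the secret lives."""
    rows = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        # Field 12: lowercase letters are this key's own capabilities
        # (uppercase on the primary key summarises the whole key).
        caps = "".join(c for c in f[11] if c.islower())
        # Field 15: token serial number, '#' for a stub, '+' or empty otherwise.
        token = f[14]
        if token == "#":
            location = "stub"
        elif token in ("", "+"):
            location = "disk"
        else:
            location = "token"
        rows.append({
            "keyid": f[4],
            "caps": caps,
            "location": location,
            # Reasoning from the message above: a lost signing or authentication
            # subkey is simply replaced, while a lost encryption subkey leaves
            # existing ciphertext impossible to decrypt.
            "verify_backup": location == "token" and "e" in caps,
        })
    return rows


if __name__ == "__main__":
    for r in classify_subkeys(SAMPLE):
        note = "confirm an off-token backup exists" if r["verify_backup"] else "ok"
        print(r["keyid"], r["caps"], r["location"], note)
```

The listing cannot show whether a key was generated on the token or imported to it, so the flag only marks where a backup has to be confirmed by other means.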