On Tue, Nov 12, 2013 at 01:15:38PM -0500, Hans-Christoph Steiner wrote:
> Having the key generated on the card is the most secure, since those cards are
> designed so you can't read the secret key off of the card. So the cost of
> putting a new certificate on the card is only someone's time for generating
> and uploading a new key to it.
But there is the significant downside that it is not possible to back up the
key, so if the card gets destroyed in a fire or just fails and stops working,
the key needs to be revoked, since only one physical copy of the private key
exists. (Which also means that only one machine can sign with the key.)

So for widely used keys it might be better to create the keypair on a trusted
(airgapped from any network and diskless) machine running something like
Debian Live or Tails, and in addition to uploading it to the smart card, make
a few backup copies on offline media (e.g. USB sticks) to be stored in a safe
location.

Archive: http://lists.debian.org/20131112185858.gk27...@seestieto.com
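A worked version of the procedure in the reply above, added here as an example; it is not code from the thread or from either poster. It assumes the key is an OpenPGP key handled by GnuPG 2.1 or later and that the card is an OpenPGP smartcard; the user ID, passphrase and backup path are constructed placeholders. The step the reply leaves implicit, and the one a practitioner most wants, is proving that the backup actually restores and can sign before `keytocard` turns the on-disk copy into a stub.

```shell
#!/bin/sh
# Added example (not from the list thread). Generate an OpenPGP key on the
# offline machine, export a backup, prove the backup restores and can sign,
# and only then move the key to the card. Assumes GnuPG >= 2.1 and an
# OpenPGP smartcard. UID, passphrase and backup path are constructed placeholders.
set -eu

KEY_UID="${KEY_UID:-Example Signer <signer@example.org>}"       # constructed
PASSPHRASE="${KEY_PASSPHRASE:-correct horse battery staple}"   # constructed; use a real one
BACKUP_DIR="${BACKUP_DIR:-/media/usb0/keybackup}"              # mount point of an offline USB stick

# Fresh, private GNUPGHOME so the live keyring is never touched.
mkgnupghome() {
    d=$(mktemp -d)
    chmod 700 "$d"
    # let gpg take the passphrase from --passphrase instead of a pinentry dialog
    printf 'allow-loopback-pinentry\n' > "$d/gpg-agent.conf"
    printf '%s\n' "$d"
}

# Stop the agent for that GNUPGHOME and wipe it (scratch copies of the secret key!).
rmgnupghome() {
    gpgconf --homedir "$1" --kill gpg-agent 2>/dev/null || true
    rm -rf "$1"
}

# Non-interactive gpg bound to a given GNUPGHOME. Usage: gpgq HOME args...
gpgq() {
    home="$1"; shift
    GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASSPHRASE" "$@"
}

# Primary-key fingerprint of KEY_UID in a GNUPGHOME (empty if absent).
fpr_of() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys "$KEY_UID" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 1: generate the keypair on the airgapped machine. Prints the fingerprint.
generate_key() {
    gpgq "$1" --quick-generate-key "$KEY_UID" rsa2048 sign 2y
    fpr_of "$1"
}

# Step 2: export secret + public key to the offline medium. Usage: backup_key HOME FPR DIR
backup_key() {
    mkdir -p "$3"
    gpgq "$1" --armor --export-secret-keys "$2" > "$3/$2.secret.asc"
    gpgq "$1" --armor --export "$2"             > "$3/$2.public.asc"
    chmod 600 "$3/$2.secret.asc"
}

# Step 3: prove the backup is usable BEFORE keytocard turns the on-disk key
# into a stub. Imports into a scratch GNUPGHOME, checks the fingerprint, and
# makes and verifies a detached signature. Usage: verify_backup FPR DIR
verify_backup() {
    [ -f "$2/$1.secret.asc" ] || return 1
    scratch=$(mkgnupghome)
    ok=1
    if gpgq "$scratch" --import "$2/$1.secret.asc" 2>/dev/null \
       && [ "$(fpr_of "$scratch")" = "$1" ] \
       && printf 'backup test\n' > "$scratch/data" \
       && gpgq "$scratch" --local-user "$1" --output "$scratch/data.sig" \
                --detach-sign "$scratch/data" 2>/dev/null \
       && GNUPGHOME="$scratch" gpg --batch --quiet --verify \
                "$scratch/data.sig" "$scratch/data" 2>/dev/null; then
        ok=0
    fi
    rmgnupghome "$scratch"
    return $ok
}

# Step 4: hand the key to the card. Interactive on purpose: gpg asks which
# slot to use and for the card's Admin PIN. Run only after verify_backup succeeded.
move_to_card() {
    echo "keytocard replaces the on-disk secret key with a stub; the files in the"
    echo "backup directory are then the only full copies. Keep them offline."
    GNUPGHOME="$1" gpg --edit-key "$2" keytocard
}

main() {
    home=$(mkgnupghome)
    fpr=$(generate_key "$home")
    backup_key "$home" "$fpr" "$BACKUP_DIR"
    verify_backup "$fpr" "$BACKUP_DIR" || { echo "backup did not restore, NOT touching the card" >&2; exit 1; }
    echo "backup of $fpr verified in $BACKUP_DIR"
    move_to_card "$home" "$fpr"
}

# Run the whole flow only when asked, so the functions can be sourced and tested.
if [ "${KEYGEN_RUN:-0}" = 1 ]; then main; fi
```

Run it on the live system with `KEYGEN_RUN=1 BACKUP_DIR=/media/usb0/keybackup sh keygen-offline.sh`, then copy the backup directory to a second stick before `keytocard`; the order matters because `keytocard` is one-way, and a backup that was never imported anywhere is an assumption, not a backup.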