On 11/12/2013 01:58 PM, Henrik Ahlgren wrote: > On Tue, Nov 12, 2013 at 01:15:38PM -0500, Hans-Christoph Steiner wrote: >> Having the key generated on the card is the most secure, since those cards >> are >> designed so you can't read the secret key off of the card. So the cost of >> putting a new certificate on the card is only someone's time for generating >> and uploading and new key to it. > > But there is the significant downside that it is not possible to > backup the key, so if the card gets destroyed in a fire or just fails > and stops working, the key needs to be revoked, since only one > physical copy of the private key exists. (Which also means that only > one machine can sign with the key.) > > So for widely used keys it might be better to create the keypair in a > trusted (airgapped from any network and diskless) machine running > something like Debian Live or Tails, and in addition to uploading it > to the smart card, make few backup copies to offline media (e.g. USB > sticks) to be stored in a safe location.
That is also a good point. The process needs to be designed to work in each situation. Having a single copy of a private key is not always a disadvantage, but it can provide some interesting, unique advantages. If you look at the example of Lavabit, he was ordered by the government to turn over a copy of his secret key. If that key was generated on a smartcard, then it would not be possible for him to give a copy of the key to someone else. Having a key that is only on a single smartcard would make that key impervious to secret orders. Sure, a government could take that key by secret order, but then the debian server would have to use a new one, so the action would not be a secret. .hc -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52827f67.9070...@at.or.at
