Felix E. Klee wrote:
Huh? AFAICS, in general it is more important to have the subkeys on a smart card than the master key. After all the master key can be stored
> But then you cannot commit a mortal sin of using GPG remotely ;) Seriously, I think you have a very strong point in case of keeping the subkeys on the smart card (btw, this will be possible too with the PKCS#11 patch). I carefully chose my passwords so that they have ~50 bits of entropy, using my own utility for the purpose, of course :) http://freshmeat.net/projects/secpwgen/ This key length won't stop NSA but will stop 95% of attackers. For the other 5% I do not worry because I'm not dealing with highly-sensitive data. This is a conscious trade-off security vs. comfort on my side. Having your frequently used keys on the smart-card.. has some disadvantages: - you can't use it remotely (yes, I know, it's bad for security, but I'm comfortable with it since I've defined my threat model) - maybe you'll want to access your mail from some computer on which you're not allowed to install the smart-card reader and its drivers (although it is questionable whether you SHOULD decrypt something on the computer you're not in charge of) I have been employed at a real-world PKI deployment - a national CA in fact. And esp. the 2nd point was one of the major complaints from the users about smart-cards. Another frequent problem was locked smart-card. With smart-card it is much easier to perform the denial-of-service on you than with file-based keys. Say you go on a business trip.. someone steals your smart-card and you can't do business. Or even worse, irreversibly locks both PINs so that the card is effectivly unusable. So, personally, I'd rather have one long-lived master key on the smart-card, get as many people as possible to sign it, and use *that* key to sign my other (shorter-lived) keys. The same scheme I'm also using now, but not with the smart-card. In the hope that I'll never go through the inconvenience of revoking my master key (which, of course, has much stronger passphrase than my 'regular' keys). Of course, it all depends on your threat model, the value of information you are protecting and the minimum desired secrecy lifetime. Best regards, Zeljko.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
