On Mon, Jun 3, 2013 at 5:41 AM, Branko Majic <bra...@majic.rs> wrote:
> Hello all,
>
> I'm looking into setting myself up with some OpenPGP cards, and I'm
> looking into some opinions on using separate OpenPGP card for the
> master key and sub-keys vs using a single OpenPGP card.
>
> The idea behind this would be that my master OpenPGP card would be kept
> in a safe area (hidden cavern, back home under pillow/mattress and
> similar :), while I'd carry my sub-keys OpenPGP card with me at all
> times and use it for every-day operations.
>
> In particular, I'm curious to find out if there is any technical
> limitation that I should be aware of if I go with this kind of schema?
> Mainly in terms of how GnuPG handles the OpenPGP cards?
>
> Does anyone utilise this kind of schema? Or do people go with soft
> token for master key instead?
Using separate smartcards for master and subkeys works perfectly fine for RSA keys in my experience. I do precisely this with one of my recent keys. Here's a general overview of how I did it:

1. Generate primary key on the computer (not directly on the smartcard), then make appropriate offline backups (e.g. on CD-R) so if the card is damaged I can still use the key.

2. Transfer the primary key to the smartcard, then delete the primary key from the computer. I then ran "gpg2 --card-status" to generate the private key stub that tells GnuPG that the private key for that KeyID is on the smartcard.

3. Generate subkeys (encryption and signing) on the computer, signing them with the smartcard-based primary key.

4. Transfer the subkeys to a new smartcard, then delete the subkeys from the computer. "gpg2 --card-status" generates the stubs for the subkeys, as above.

I keep the backups in a physically secure location, including a locked box in my house and in a safe deposit box at my bank. I'm not really worried about physical compromise of my keys (I figure if someone's breaking into my house to steal my keys, I have more important issues at hand). My use of smartcards is to help reduce the risk of key compromise due to malware or some other computer-based attack, so they're kept in my immediate control but not as physically secure (e.g. in a desk drawer, rather than in a locked box).

Your exact strategy might differ slightly: for example, you might want to generate the keys on the card and never have private key material on the computer (this also prevents you from making backups), but the overall process should be similar.

Since the smartcards don't support DSA or ElGamal keys, you can't use the cards to protect these types of keys (though you can use RSA subkeys with a DSA primary key). One of my keys is a DSA primary key, which I keep offline but have the RSA subkeys on a smartcard (I have three in total). I only use the DSA key for signing/certifying new subkeys or other people's public keys, then delete it from the computer.

Cheers!
-Pete

--
Pete Stephenson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
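An added example (shell; not from Pete's message or the GnuPG project) for checking the outcome of the two-card split described in steps 2 and 4 above: once the primary key and the subkeys have been moved, the secret keyring should hold only stubs pointing at the card serials, with no key left on disk. The field-15 meaning is taken from GnuPG's documented --with-colons listing format; the key IDs and card serials in the samples are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. After steps 2 and 4 (primary key on
# one card, subkeys on another), confirm that only card stubs remain on disk.
# GnuPG's --with-colons secret listing carries the token serial in field 15
# of each sec/ssb line: a serial means "on that card", '#' means the secret
# key is unavailable (offline stub), '+' means it is stored on disk.
# The key IDs and card serials in the samples below are constructed.

# key_locations: read a `gpg --list-secret-keys --with-colons` listing on
# stdin, print one "<sec|ssb> <keyid> <location>" line per secret key.
key_locations() {
    awk -F: '$1 == "sec" || $1 == "ssb" {
        where = $15
        if (where == "+")      where = "on-disk"
        else if (where == "#") where = "stub"
        else if (where == "")  where = "unknown"
        else                   where = "card:" where
        print $1, $5, where
    }'
}

# check_split: succeed only if the primary key and every subkey live on a
# card; report any key that is still on disk or has no card behind it.
check_split() {
    key_locations | awk '
        $3 !~ /^card:/ { print "NOT ON CARD: " $1 " " $2 " (" $3 ")"; bad = 1 }
        END { if (bad) exit 1 }'
}

# Constructed listing for the two-card layout: primary on serial ...0001,
# both subkeys on serial ...0002 (field 12 holds the key capabilities).
SAMPLE_OK='sec:u:2048:1:AAAAAAAAAAAAAAAA:1370000000:::u:::scESC:::D2760001240102010005000000010000::
fpr:::::::::0000000000000000000000000000000000000000:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1370000100::::::e:::D2760001240102010005000000020000::
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1370000200::::::s:::D2760001240102010005000000020000::'

# Constructed listing where step 4 was not finished: one subkey still on disk.
SAMPLE_LEFTOVER='sec:u:2048:1:AAAAAAAAAAAAAAAA:1370000000:::u:::scESC:::D2760001240102010005000000010000::
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1370000100::::::e:::D2760001240102010005000000020000::
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1370000200::::::s:::+::'

# Stand-alone demo on the constructed listing; for a real check run:
#   gpg2 --list-secret-keys --with-colons | check_split
printf '%s\n' "$SAMPLE_OK" | key_locations
```

check_split exits non-zero whenever a sec or ssb line is not backed by a card, so it can be dropped into a script that refuses to proceed until the leftover key material has been deleted.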