On 06/07/16 10:25, Damien Goutte-Gattat wrote: > True enough. In my case, I try to minimize the risk of human error by > using a script which automatically brings the key online (from its > offline USB storage), executes a single GnuPG command, then remove the > key again.
What is the threat model that this procedure thwarts? I don't think this is what is usually meant by an "offline primary key". The idea is that you have a separate computer for your primary key, not that you import it now and then. Unless I misinterpreted it myself. What's the practical difference between only typing in the password for the primary key when you need it and only storing it on local disk when you need it? I think usually a compromised PC doesn't spontaneously become uncompromised later on, it stays compromised. As soon as you use the primary key, it is compromised as well. And as long as you don't type your high quality passphrase, good luck to an attacker with just your encrypted key, they shouldn't be able to use it. I myself have my primary key on a different smart card than the subkeys. With GnuPG versions before 2.1, this required some "packet surgery", it's not really well supported. I think 2.1 will happily do this out of the box. By the way, I'm implying that you use a different passphrase for your primary key than for your subkeys. Again, with 2.1, easy, before that, packet surgery, I think. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
