On 22 Jan 2017, at 18:47, Adam Sherman <a...@sherman.ca> wrote:
>
> But, using an air-gapped system to sign keys that you trust seems rather
> unwieldy, particularly when you include in the process the need to copy
> the public keys to media accessible by the air-gapped system.

Working out what to do with your primary key is the big conundrum. I don't think there is a perfect solution.

> Could a second smartcard be used to generate and store the master key,
> instead?

Yes, and there are some on this list (not me!) who have done so and can share their experiences.

> What do others do?

I keep my primary keys on a Tails persistent volume, and use a smartcard for the subkeys. I find Tails an acceptable compromise between completely airgapped keys and convenience. YMMV.

https://tails.boum.org

I've written utilities to simplify key management and persistent volume backups, but these should be considered experimental and beta (respectively). I've been meaning to polish them up but can't seem to find the time - they both need extensive refactoring. But if you feel like living on the bleeding edge, go for it. :-)

https://andrewg.com/frith.html

Andrew