Hi,

Since the smartcard that held all my subkeys died, I have to replace my subkeys, and I’m willing to store them on several smartcards, just in case I am unlucky again…
I wonder whether I should use the same subkey or different subkeys on different smartcards.

As far as I understand it, for encryption, if I have several encryption subkeys, people who send me encrypted messages will encrypt for a single subkey. Hence, if I want to be able to decrypt the message with any smartcard, then I have to use a single subkey that is held by all smartcards.

As for signature subkeys, as I understand it, there is no problem with using several distinct subkeys, so I can sign with the one that is available, and people who verify the signature will accept any subkey. Moreover, if a smartcard is lost/stolen, I can revoke its signature subkey.

As for the authentication subkeys (that I use for SSH connections), they behave like the signature subkeys, except that I have to explicitly allow each subkey on all machines that I want to connect to.

Any opinion on this?

As a bonus question: given that my “master” private key is also stored on a smartcard, is there a way to ask GnuPG to generate a signature subkey on a second smartcard, while signing it with the first smartcard? Or do I have to first generate it in software and sign it with the first smartcard, and then export it to the second smartcard?

Best regards,

--
Nicolas