On 22/06/2021 17:53, Brandon Anderson via Gnupg-users wrote:
> Many tutorials, examples, and articles that are talking about using Yubikeys and smartcards currently suggest making paper backups of the encryption key so you can add it to new devices if needed. But this, at least to me, feels like it's significantly reducing the value of using secure hardware like smartcards in the first place. Having the keys only ever exist on secure hardware, including the backups, would make this unnecessary.

The disadvantage of only ever storing secret key material on a finite number of secure hardware devices is that all such devices have a lifetime, and once they're all dead your information is gone. You'll still find yourself re-encrypting all your data to a new encryption (sub)key when you get down to your last working hardware device.

Having a non-secure offline backup does not negate all the advantages of secure hardware. It depends on the threat model of course, but *most* people are much more likely to have their laptop compromised remotely than have their safe cracked and the paper backup stolen.

--
Andrew Gallagher
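The offline-backup pattern discussed above, as an added example that is not part of the thread and not GnuPG project code: a POSIX shell script that generates a key in a throwaway GNUPGHOME, exports only the encryption subkey's secret material (the form one would print to paper), and then does the check most write-ups skip, restoring that backup into a second, empty keyring and decrypting a message there, while confirming the primary key is present only as a stub. It assumes gpg 2.2 or later and gpgconf on PATH; the user ID, message text and temporary paths are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the gnupg.org thread): build a key in a throwaway
# GNUPGHOME, write an ASCII-armored offline backup holding ONLY the encryption
# subkey, then prove the backup is usable by restoring it into a second empty
# keyring and decrypting a message there. Constructed test data throughout.
set -u

USER_ID="Backup Test <backup-test@example.invalid>"   # assumed identity

# new_home DIR: empty GNUPGHOME configured for unattended use.
new_home() {
    mkdir -p "$1" && chmod 700 "$1"
    printf 'batch\npinentry-mode loopback\n' > "$1/gpg.conf"
    printf 'allow-loopback-pinentry\n' > "$1/gpg-agent.conf"
}

# generate_key DIR: cert+sign primary plus an encryption subkey, with no
# passphrase so the script runs unattended; prints the primary fingerprint.
generate_key() {
    GNUPGHOME="$1" gpg --quiet --passphrase '' \
        --quick-generate-key "$USER_ID" future-default default never 2>/dev/null
    GNUPGHOME="$1" gpg --with-colons --list-keys "$USER_ID" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# export_subkey_backup DIR FPR FILE: the material one would print to paper.
# --export-secret-subkeys writes the subkey secret and only a stub for the
# primary key, so the backup alone cannot certify or sign with the primary.
export_subkey_backup() {
    GNUPGHOME="$1" gpg --quiet --armor --export-secret-subkeys "$2" > "$3"
}

# primary_is_stub DIR: true if the secret primary key in DIR is only a stub
# ('#' in field 15 of the "sec" record of a colon listing).
primary_is_stub() {
    [ "$(GNUPGHOME="$1" gpg --with-colons --list-secret-keys \
          | awk -F: '$1 == "sec" { print $15; exit }')" = "#" ]
}

# roundtrip SRC_HOME FPR DST_HOME MSG: encrypt MSG in SRC_HOME to FPR, decrypt
# it in DST_HOME (which holds only the restored backup), print the plaintext.
roundtrip() {
    printf '%s' "$4" \
        | GNUPGHOME="$1" gpg --quiet --encrypt --recipient "$2" \
        | GNUPGHOME="$3" gpg --quiet --decrypt 2>/dev/null
}

# verify_backup: run the whole procedure. Prints "backup verified" and returns
# 0 only if the restored backup decrypts AND carries no usable primary key.
verify_backup() {
    work=$(mktemp -d)
    orig="$work/orig"; restored="$work/restored"
    new_home "$orig"; new_home "$restored"
    fpr=$(generate_key "$orig")
    export_subkey_backup "$orig" "$fpr" "$work/encr-subkey-backup.asc"
    GNUPGHOME="$restored" gpg --quiet --import "$work/encr-subkey-backup.asc" 2>/dev/null
    msg="constructed test message"
    out=$(roundtrip "$orig" "$fpr" "$restored" "$msg")
    status=1
    if [ "$out" = "$msg" ] && primary_is_stub "$restored"; then
        status=0; echo "backup verified"
    fi
    for d in "$orig" "$restored"; do GNUPGHOME="$d" gpgconf --kill all; done
    rm -rf "$work"
    return $status
}

verify_backup || echo "backup check FAILED" >&2
```

The keys here carry no passphrase so the script can run unattended; a real offline backup should be protected, and the `.asc` file the script writes and deletes is what would go to paperkey or a printer. The point of the restore step is that a backup nobody has ever imported is not yet known to work, and with secure hardware in the picture the only copy of the subkey outside the device may be that piece of paper.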


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
