Brandon Anderson via Gnupg-users writes:
> Thanks for posting about the PivApplet project. I was looking for
> something like that for either the basic cards or java cards as I
> wanted to tinker around with them. Do you have a specific Java card
> model you are using?
You'll want something that
Whatever the merits of retired key slots for their intended use, there's
another use case for them which was probably not considered by NIST:
alternate certificates for X.509, SSH and similar authorization
applications to work around deficiencies in existing systems.
Examples:
- Github allo
Werner Koch via Gnupg-users writes:
> Frankly, I am not convinced about the retirement slots on the card.
> They are of course useful if you rotate your key. But the question is
> why you want to do this given that the keys are anyway securely stored
> on a card.
Whatever the merits of retired k
Thanks for your offer. However, it is mainly a spec and hardware thing
and the software part is minor.
If you are a vendor of an OpenPGP compliant card, you are likely already
in contact with Achim Pietig, who is responsible for the specs.
Yea, I am not a vendor of an OpenPGP card, just an int
On Thu, 24 Jun 2021 02:21, Brandon Anderson said:
> First, if you are working on a new revision of the OpenPGP card,
> please let me know if I can reasonably do anything to help. While I
Thanks for your offer. However, it is mainly a spec and hardware thing
and the software part is minor.
If yo
I am not arguing that paper copies are less reliable; of course, they
are; however, they are not as secure.
As I reread this email, I realized what I said here may have been
unclear. I meant to say, of course, paper copies are more reliable than
hardware tokens; they are just less secure.
Op
concerned, you could use three. The probability that one card out of
ten will have a failure in a decade is far higher than the chance that
You should also be concerned that malware bricks your (backup) card.
You can only avoid that by using an always air-gapped box which is pretty
inconvenient.
On Tue, 22 Jun 2021 21:53, Brandon Anderson said:
> concerned, you could use three. The probability that one card out of
> ten will have a failure in a decade is far higher than the chance that
You should also be concerned that malware bricks your (backup) card.
You can only avoid that by using a
Or is it money? Something else?
Money and usability are certain factors here. Most of these tokens are
in the realm of $50 apiece; the GPG smart card, while closer to $20, is
still another $30 in shipping, so it would be costly unless I purchased
all ten upfront. Not to mention the user experi
On Tuesday, 22 June 2021 20:47:45 CEST Brandon Anderson via Gnupg-users
wrote:
> I agree that for most people having a paper backup stolen is unlikely,
> but then again, most people are not using GPG, to begin with, let alone
> GPG with smartcards or security tokens. There are several security
>
Many tutorials, examples, and articles that are talking about using
Yubikeys and smartcards currently suggest making paper backups of the
encryption key so you can add it to new devices if needed. But this, at
least to me, feels like it's significantly reducing the value of
using secure har
On 22/06/2021 17:53, Brandon Anderson via Gnupg-users wrote:
Many tutorials, examples, and articles that are talking about using
Yubikeys and smartcards currently suggest making paper backups of the
encryption key so you can add it to new devices if needed. But this, at
least to me, feels lik
For the benefit of the archives, it is possible to encrypt outgoing
emails to your own key as well as the recipient's key, which ensures
that the sent-mail folder is readable by the sender. Most email
clients will do so by default (e.g. mutt, thunderbird/enigmail), and
in most such clients all
On 22/06/2021 07:47, Brandon Anderson via Gnupg-users wrote:
If you know the recipient, then solving the latter is easy. Ask the recipient
to resend the message encrypted with your new key.
In my setup, when something is sent, only the encrypted mail is sent to
my sent folder, so if I were
On Mon, 21 Jun 2021 23:47, Brandon Anderson said:
> the PIV functions only support 2048 RSA and NIST curves. The only card
That's per PIV specs.
> What would it take to add support for retirement key slots into the
> GPG smartcard specification? If retirement slots were added to the
> smartcard
If you know the recipient, then solving the latter is easy. Ask the recipient
to resend the message encrypted with your new key.
In my setup, when something is sent, only the encrypted mail is sent to
my sent folder, so if I were asked as you suggest, I would have no way
to send the letter w
On Monday, 21 June 2021 04:52:37 CEST Brandon Anderson via Gnupg-users wrote:
> The problem, of course, comes when I need to decrypt old messages signed
> with the revoked key or if someone at a later point sends an encrypted
> message to the revoked key.
If you know the recipient, then solving t
Hey everyone,
I have a question regarding using secure hardware such as
Yubikey/Nitrokey, GPG smartcards, and the handling of encryption key
rotation and replacement. I currently have a GPG key with a 4096 bit RSA
key generated on a GPG smart card version 2.1. I have recently acquired
two Yub