On 06/07/16 10:25, Damien Goutte-Gattat wrote:
> True enough. In my case, I try to minimize the risk of human error by
> using a script which automatically brings the key online (from its
> offline USB storage), executes a single GnuPG command, then remove the
> key again.
What is the threat model
On Wed, Jul 6, 2016 at 7:41 PM, Dashamir Hoxha wrote:
>
> I would suggest the script key2dongle which is part of egpg:
> - https://github.com/dashohoxha/egpg/wiki/gnupg-2.1-key2dongle
> -
> https://github.com/dashohoxha/egpg/blob/gnupg-2.1/src/ext/cmd_key2dongle.sh
>
By the way, do you think th
On Wed, Jul 6, 2016 at 10:25 AM, Damien Goutte-Gattat <
dgouttegat...@incenp.org> wrote:
>
> Storing the master key offline and having to import it whenever I want
>> to sign other keys might actually decrease security, since it offers
>> enough of a possiblity to mess things up
>>
>
> True enough.
On 07/05/2016 09:27 PM, Karol Babioch wrote:
No, only the master key can sign other keys.
Is this a limitation of GPG and my premises or is this something
inherent to the OpenPGP standard?
According to the standard, any key with the "Certify" flag set can be
used to sign other keys. And unle
Hi,
Am 05.07.2016 um 20:07 schrieb Damien Goutte-Gattat:
> In your case, the simplest way would be to migrate your master key into
> the signing slot and the encryption subkey into the encryption slot.
Ok, although I quite don't like the idea and prefer option #2.
> I would indeed recommend to g
On 07/05/2016 05:55 PM, Karol Babioch wrote:
The smartcard expects three different keys, though: One for signing,
encrypting and authenticating. What is the recommended way to migrate
to the smartcard?
In your case, the simplest way would be to migrate your master key into
the signing slot and
Hi,
I've recently bought an OpenPGP smartcard and am now looking into ways
to migrate my existing key onto this smartcard. I've created my key a
couple of years back and have gathered some signatures, so I don't want
to start over.
Right now I have a master key with the "SC" key usage flags and a
