Hi all,
so here's a question that I'm sure people here have already been thinking
about... Like probably many others here I have a gpg smartcard with three
subkeys Sign, Encrypt, Authenticate, and an offline Certify master key at a safe
place.
* If I want to let my Signature subkey expire and generate a new one, that's
not a big problem for me, since the public key is still available to everyone
on the keyservers for verifying sigs.
* If I want to let my Auth subkey expire and generate a new one, well I just
need to add the new one to all authorized_keys files in time.
But how do I sensibly handle a graceful sunset of an encryption key? If I
replace the subkey on my card, I immediately can't read old e-mails anymore.
If I had the key in a file, I could keep the old, expired subkey around and
still decrypt the data, but that would kinda defy the security provided by the
card...
My best idea so far is to generate a second token (Nitrokey, Yubikey or
similar) *only* for old encryption subkeys, and additionally plug that in if I
need to read an old message. Does anyone already have experience with such a
setup?
Best,
Andreas
--
Andreas K. H?ttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, qa, toolchain, base-system, perl, libreoffice)
so here's a question that I'm sure people here have already been thinking
about... Like probably many others here I have a gpg smartcard with three
subkeys Sign, Encrypt, Authenticate, and an offline Certify master key at a safe
place.
* If I want to let my Signature subkey expire and generate a new one, that's
not a big problem for me, since the public key is still available to everyone
on the keyservers for verifying sigs.
* If I want to let my Auth subkey expire and generate a new one, well I just
need to add the new one to all authorized_keys files in time.
But how do I sensibly handle a graceful sunset of an encryption key? If I
replace the subkey on my card, I immediately can't read old e-mails anymore.
If I had the key in a file, I could keep the old, expired subkey around and
still decrypt the data, but that would kinda defy the security provided by the
card...
My best idea so far is to generate a second token (Nitrokey, Yubikey or
similar) *only* for old encryption subkeys, and additionally plug that in if I
need to read an old message. Does anyone already have experience with such a
setup?
Best,
Andreas
--
Andreas K. H?ttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, qa, toolchain, base-system, perl, libreoffice)
Attached Files:
-
signature.asc (0.81 KB)