On Tue 2018-04-17 00:39:41 +0900, Norbert Preining wrote: >> problematic. How do you handle it during this transition? > > I have my expired key available on my computer, and the active subkey > only on the Yubikey I use. That means I can still decrypt old > messages etc, but for signing and decrypting messages to the current key > I need to have the Yubikey available.
what do you see as the advantage of a hardware token for message decryption given that the key will be transferred to main memory after it expires? is it the marginal temporal advantage of key inaccessibility for a software-based attacker, or something else? --dkg