On Mon, Apr 16, 2018 at 10:23:57PM +0200, Thomas Goirand wrote:
> On 04/16/2018 03:09 AM, Daniel Kahn Gillmor wrote:
>> On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote:
>>> The keys support storing 3 4096-bit subkeys, for auth, encryption and
>>> signing. You're not supposed to store your master key in the Yubikey,
>>> instead you'd just save the master key far away in a safe place. The
>>> only issue is that then, you can't exchange key signatures only using the
>>> Yubikey, but I guess that's fine.
>>>
>>> At Infomaniak, we have a master key without expiration, and the 3
>>> subkeys expire within 365 days, and are renewed every year.
>>
>> how does this work during the transition phase of encryption subkey
>> rotation, when you've published your new encryption-capable key (so some
>> peers have it) but your old encryption-capable key is not yet expired?
>>
>> During this stage of a subkey transition, i usually have some new
>> messages arriving that are encrypted to the old subkey, and others that
>> are encrypted to the new subkey. If i had put my decryption-capable
>> subkey on a smartcard with exactly one slot for a decryption key, i
>> wouldn't be able to decrypt some messages, so the usability seems
>> problematic. How do you handle it during this transition?
>
> Easy: we just make the new subkeys on a new Yubikey, and keep 2 keys for
> a short time (a month or 2, which is enough for the Debian keymaster to
> update the keys). That's ok because we have lots of spare Yubikeys. I
> guess it should be way more annoying if you don't.

I would advise you against generating new subkeys, after some years your
public key will be a mess (like mine, 0x44BB1BA79F6C6333), as you can
never remove expired/revoked keys from the public part.

If you are talking about private-company wide keys, it may make sense
but for your personal life-long key I don't think it is worth it.

> After that period, we can still use the old saved .gnupg that we store
> on an encrypted USB key, together with the private part of the master
> key. We got to make sure we have access to the private part of the
> master key to exchange key signatures anyways, even if the point of
> having subkeys is to *not* store it on our laptops.
>
> I have to admit I don't really like rotating the subkeys that often,
> it's annoying, and I'm not so sure if it adds so much security. :/
>
> Thomas Goirand (zigo)