On 05/18/2016 06:16 PM, Florian Snow wrote:
> To be fair, I don't really need a smartcard right now anyway.
> I am happy having my GnuPG keys on an encrypted hard drive.

Besides GnuPG, you can also use it for SSH logins.

> That does not protect against every kind of attack,
> but it is good enough at the moment (and I get to use larger keys).

Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by Zeitcontrol support up to 4096bit RSA keys. Which is already a quite ridiculous size. More important is to rotate (sub)keys regularly, so you don't rely on a single key for a long period. The primary (master) key can still be larger, and does not have to be stored on a smartcard anyway.

Unfortunately, it is very hard to manage rotating subkeys with smartcards, and I have yet to see a tutorial that touches on that aspect. Makes me wonder if anyone really uses it properly. Where do you keep your subkeys if you rotate, say, every 6 months? I really don't want to carry around 10 smartcards to be able to access a 5 year old email.

But, yes, that's more of a "mail-in-storage" problem than a GnuPG problem. Mailvelope shows how one should do it: Symmetric encryption at rest, and GnuPG only for transport.
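
The rotation bookkeeping discussed above can be checked from GnuPG's colon listing. The following is an added example, not part of the original post: it audits subkeys against a 6-month interval and lists which cards hold retired encryption subkeys. The function names, key IDs and card serial are constructed, and the field positions follow GnuPG's doc/DETAILS with epoch timestamps assumed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in `gpg --list-secret-keys --with-colons` layout.
# Key IDs and the card serial are placeholders, not real keys.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1420070400:::u:::scESC:::#:
ssb:e:4096:1:BBBBBBBBBBBBBBBB:1420070400:1435708800:::::e:::D2760001240102010006000000010000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1433116800::::::e:::+:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1451606400::::::e:::+:
"""

def audit_subkeys(colons, now, max_age=timedelta(days=183)):
    """Return one dict per subkey: id, size, caps, location, rotation status."""
    report = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] != "ssb" or len(f) < 15:
            continue  # only secret subkey records are audited
        created = datetime.fromtimestamp(int(f[5]), timezone.utc)
        expires = datetime.fromtimestamp(int(f[6]), timezone.utc) if f[6] else None
        # Field 15: "#" = stub only, "+" = secret key on disk, else token serial.
        token = f[14]
        where = {"#": "stub", "+": "disk", "": "unknown"}.get(token, "card:" + token)
        if expires and expires <= now:
            status = "expired"   # retired, but still needed to read old mail
        elif now - created > max_age:
            status = "overdue"   # live subkey past the rotation interval
        else:
            status = "ok"
        report.append({"keyid": f[4], "bits": int(f[2]), "caps": f[11],
                       "where": where, "status": status})
    return report

def cards_for_old_mail(report):
    """Serials of cards that hold expired encryption subkeys."""
    return sorted({r["where"][5:] for r in report
                   if r["where"].startswith("card:")
                   and "e" in r["caps"] and r["status"] == "expired"})

if __name__ == "__main__":
    today = datetime(2016, 5, 18, tzinfo=timezone.utc)
    for row in audit_subkeys(SAMPLE, today):
        print(row)
    print("cards needed for old mail:", cards_for_old_mail(audit_subkeys(SAMPLE, today)))
```
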