On Wed, Apr 24, 2019 at 10:01 AM Marek Szuba <mare...@gentoo.org> wrote:
> On 2019-04-24 13:41, Rich Freeman wrote:
> > What is the recommended way to create an on-card key?
> I haven't got my NitroKey yet but between the specifications (which say
> NK2 can hold up to 3 private RSA keys) and my prior experience with
> OpenPGP smartcards (which have always had at most one slot each assigned
> to authentication, encryption and signing), chances are pretty high you
> cannot have two separate signing keys in hardware. If so, your best bet
> is probably to generate the primary key in software (preferably with
> usage bits stripped down so that it can ONLY be used for signing keys),
> generate hardware subkeys associated with it, then stash the private
> primary key away somewhere.

Well, in that case recommendations for how to generate a key that
complies in software would be helpful.  There used to be a wiki
article on it, but it is marked with various warnings saying it isn't
recommended to follow it, and has seemingly vanished with a note that
it moved somewhere.

Aside from that, it seems a bit odd to issue devs Nitrokeys (at
significant expense to both the Foundation and a kind sponsor), then
require a key design that can't actually be stored on the Nitrokey.  A
Nitrokey-generated key is going to be way more secure than the way 99%
of devs will actually implement what seems to be intended, which is to
just generate their keys on a regular online host, and probably just
leave it there.

If it is the case that Nitrokeys can't support a separate primary key,
I'd suggest modifying the GLEP to remove that requirement when a
smartcard is in use.  Its main purpose is to keep a key component
offline, and if the key is generated on the card that is already
accomplished.  Maybe somebody has a suggestion for how to make the two
work together, otherwise I'll go ahead and suggest a GLEP revision for
the next Council meeting.


Reply via email to