Hello everybody, I have a question about GPG & smartcard with keys expiring after a limited period of time.
Please address me directly in the answers because I'm not subscribed to the list.

This is the situation: I use gpg with subkeys (sign & encrypt) on a smartcard; the main key is removed and saved offline. The subkeys expire after one year and now it's time to replace them. To do this operation I took the original keyring, with my complete secret key, and created two new keys with the "addcardkey" command, as usual with a one-year lifetime. After that I again removed the secret keys from the working keyring, and now I correctly have the two new key stubs in my working keyring. Everything works fine.

Let's get to the point: next year, when these new keys expire, I will have to create new keys, and to do this I'll have to replace the keys on the smartcard, which are not saved elsewhere. This means that after that operation I won't be able to read past encrypted messages anymore, am I correct?

The only solution that comes to my mind is to NOT create the subkeys directly on the smartcard but to create them on the PC and then save them in the "master" keyring before moving them off the working keyring into the smartcard. This way they will always be available in the "master" keyring.

Is this the proper way to operate? Is there a better way to do the same? The idea of creating the keys off-smartcard seems a little stupid to me, as the smartcard was created for that. Maybe it's better to avoid limited lifetime on smartcard keys?

Thanks for any idea.

Regards,
dan
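An added example, not part of the original message: a small audit of a "master" keyring listing that reports encryption subkeys whose secret part is not on disk, which are the keys the post worries about losing when the card is overwritten. It assumes the `gpg --list-secret-keys --with-colons` layout (field 12 capabilities, field 15 card serial, `#` or `+`); the sample listing, key IDs and card serial are constructed.

```python
# Added example; SAMPLE is constructed, not real key data.
# Assumed layout of `gpg --list-secret-keys --with-colons` records:
#   field 5 = key ID, field 7 = expiry, field 12 = capabilities,
#   field 15 = card serial number, '#' (stub, secret absent),
#              or '+' / empty (secret present on disk).
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000::::::scSC:::+:
ssb:e:2048:1:BBBBBBBBBBBBBBBB:1500000000:1531536000:::::e:::D2760001240102000005000012340000:
ssb:e:2048:1:CCCCCCCCCCCCCCCC:1500000000:1531536000:::::s:::D2760001240102000005000012340000:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1531000000:1562536000:::::e:::+:
"""


def secret_location(token_field):
    """Classify where the secret part of a key lives, from field 15."""
    if token_field in ("", "+"):
        return "disk"
    if token_field == "#":
        return "missing"
    return "card"  # anything else is a token serial number


def encryption_subkeys_without_backup(colon_listing):
    """Return encryption subkeys whose secret is not stored in this keyring."""
    at_risk = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] != "ssb" or len(fields) < 15:
            continue  # only secret subkey records are of interest
        if "e" not in fields[11]:
            continue  # signing keys are not needed to read old mail
        where = secret_location(fields[14])
        if where != "disk":
            at_risk.append(
                {"keyid": fields[4], "expires": fields[6], "where": where}
            )
    return at_risk


if __name__ == "__main__":
    for key in encryption_subkeys_without_backup(SAMPLE):
        print(key)
```

Run against the offline keyring's listing, any key reported as `card` exists only on the smartcard and has no copy to restore from.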
