On 25/02/2015 00:01, Peter Lebbing wrote:
> On 24/02/15 23:16, Daniel Kahn Gillmor wrote:
> If you asked me to /destroy/ the key, I would look through my drawers for all
> backups I have and do a "shred" on them, and think really hard where any
> further copies might have ended up.

Use a smartcard and generate on-card a new key that replaces the expired one.
So an attacker could still abuse the key (it's not protected) but cannot
extract it to keep copies around.

I really like SCs for signature and authentication[*] keys since often even if
those keys are lost it's not a big deal as long as they can't be abused.

[*] for auth, only if there's a centralized repository for the public key,
else updating all instances of the pub key stored in devices could be a major
hassle.

BYtE,
Diego.

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
