On 25/02/15 06:49, NdK wrote: > Use a smartcard and generate on-card a new key that replaces the expired > one.
While I agree this could be a neat setup for OP, it might be overkill or even impractical given the signing speed of a smartcard. I don't know what volume of signatures will be issued. Anyway, I said "destroy backups". I would arrange for backups not to include the signing key in the first place. If the system needs to be restored from backup (which would be very seldomly), just issue a new signing key. Still, you might have forgotten to exclude it on a one-off backup you made at one time or another. And the point was that it is not /needed/ to destroy the key, so I'll stop focussing on destroying the key... heh... :S HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
