Thanks Andrew and Peter for your advice. Of course it is my old encryption key and have data encrypted with it, but there is not a lot file (maybe except for pass* :-/ ) I will thinking how to procede, backup masterkey before begin and hope I haven't forget encrypted data...
I haven't heard about monkeysphere but I've found website so I will study it :) Thanks for every thing :D Antoine Michard GPG Key: 0xF5C9E7CD0882B381 Le 21/01/2016 16:24, Andrew Gallagher a écrit : > On 21/01/16 15:13, Peter Lebbing wrote: >> On 21/01/16 15:47, Andrew Gallagher wrote: >> >>>> PS2: I can do the same with my authentication key, because if my key is >>>> compromise, my SSH server don't know it ! Right? >>> >>> Yes. >> >> Let's talk about two separate issues: >> >> - If the smartcard breaks, you don't have access to the key anymore and >> you need some alternative way of getting a new key authorized (the >> normal way being to log in and add it to authorized_keys, but you can't >> login with the old key anymore because the smartcard broke). >> >> - If your authentication subkey is /compromised/, you can still log in >> to the SSH server, install a new key by editing authorized_keys, and at >> the same time remove the old key from there. However, so can your >> attacker. Having a key backup doesn't help against compromise. > > Yes to all the above. I'd just point out that the same considerations > apply to any lost vs. stolen authentication token (e.g. password). > > A >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
