On Mon, May 19, 2025 at 6:08 PM Jay Acuna <[email protected]> wrote:
>
> On Sun, May 18, 2025 at 6:58 AM Richard Stoughton <[email protected]> wrote:
> > To "sign" the hash on M, it would be necessary to inject a one-time
> > secret (e.g. an OpenPGP private key
>
> This would seem to invalidate H's purpose for existing. At that point
> you may as well back up the keys on H and move its signing subkey to a
> USB GPG Card. Install the card-based keypairs on M, and remove H from
> the process.
>
> The card provides M a means to sign only at the time that physical card
> is inserted, with the correct PIN entered, and M never gains access to
> read the secret.
Currently M are short-lived cloud instances that run the build process without user interaction. I don't see how to use an HSM or similar hardware in this case.

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
