Demi Obenour wrote on 1/7/19 3:16 PM:
> Looking through the GPG CVE list, it appears that GPG has a fantastic
> security record. This seems to jus Most of the recent vulnerabilities have
> been side-channel attacks.
> Is it useful to use split-GPG with a hardware token to prevent side-channel
> attacks?

I am far from a cryptographer, but IIRC those side channel attacks get
the key by observing decryption leaks. So a hardware token wouldn't
affect that either way, because once the key is unlocked it still gets
processed the same.

> Also, is it best to use one signing key per project one is working on?

Again, not a crypto expert but if you're using the same development
workflow for all projects, don't see much security gain from separate
keys. If some demand a different, potentially less secure workflow,
those might benefit from subkeys. Hopefully someone experienced has more
insight!