The how-to guides:
http://wiki.fsfe.org/Card_howtos
all steer people away from keeping the main key on a card. Yet some of the coloured notes here:
http://www.gnupg.org/howtos/card-howto/en/ch05s02.html
suggest that may not be best practice today.
Can anyone comment on the state of play?
My understanding is that various possibilities exist, potentially with multiple cards:
card 1:
- main RSA private key
- used for signing other keys
- kept in a safe at home

card 2:
- sub key
- signed by main key
- card that is kept in the wallet
* Daniel Pocock daniel@pocock.com.au [121007 19:43, mID 5071BF34.2010704@pocock.com.au]:
Can anyone comment on the state of play?
I strongly suggest to use subkeys for your card and keep the main key out of the keyring you are using on a daily basis. If you need to change UIDs in your key or sign another key, you can still get your backup from the Orcs and use it for these tasks. For everything else, using the card with its subkeys is just fine.
If you need to use your card on a computer not under your control, you can just run the "fetch" command on the card and GnuPG will get your public key from the URI saved on the card. You can then immediately use the card on that machine. I consider this a great feature and it's proven useful to me once in the past.
Just my €0,02
Martin
Martin Gollowitzer gollo@fsfe.org wrote:
If you need to use your card on a computer not under your control, you can just run the "fetch" command on the card and GnuPG will get your public key from the URI saved on the card. You can then immediately use the card on that machine. I consider this a great feature and it's proven useful to me once in the past.
Just my €0,02
The fetch feature would be a nice addition to the wiki, if it isn't there already.
Thanks for the tip Martin,
Hugo
* Hugo Roy hugo@fsfe.org [121018 09:17, mID 1350544609.26642.7.camel@synclavier.lan]:
Martin Gollowitzer gollo@fsfe.org wrote:
If you need to use your card on a computer not under your control, you can just run the "fetch" command on the card and GnuPG will get your public key from the URI saved on the card. You can then immediately use the card on that machine. I consider this a great feature and it's proven useful to me once in the past.
Just my €0,02
The fetch feature would be a nice addition to the wiki, if it isn't there already.
Thanks for the tip Martin
You're welcome. Feel free to add this at a place in the page you'd consider appropriate :-)
Martin
On Thursday 18 October 2012 at 17:06 +0200, Martin Gollowitzer wrote:
* Hugo Roy hugo@fsfe.org [121018 09:17, mID 1350544609.26642.7.camel@synclavier.lan]:
Martin Gollowitzer gollo@fsfe.org wrote:
If you need to use your card on a computer not under your control, you can just run the "fetch" command on the card and GnuPG will get your public key from the URI saved on the card. You can then immediately use the card on that machine. I consider this a great feature and it's proven useful to me once in the past.
Just my €0,02
The fetch feature would be a nice addition to the wiki, if it isn't there already.
Thanks for the tip Martin
You're welcome. Feel free to add this at a place in the page you'd consider appropriate :-)
I think I am going to try a new gpg setup. Mine is getting confusing with all the subkeys etc. I think the howto could do better at explaining how to manage keys.
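
Added example, not part of the original thread or of GnuPG: a small Python check that a keyring matches the layout recommended above (main key kept off the daily keyring, subkeys on the card). It assumes the machine-readable listing of GnuPG 2.1 or later (`gpg --list-secret-keys --with-colons`); the function names, key IDs and card serial number are constructed for illustration.

```python
# Added example: audit `gpg --list-secret-keys --with-colons` output.
# Colon fields per GnuPG doc/DETAILS: 1 = record type, 5 = key ID,
# 12 = capabilities, 15 = card serial number, '#' (stub only) or '+'.

# Constructed sample; key IDs and the card serial number are made up.
CARD = "D2760001240102000005000012340000"
SAMPLE = "\n".join([
    "sec:u:4096:1:1111111111111111:1349600000:::u:::scESC:::#:",
    "uid:u::::1349600000::0000::Example User <user@example.org>:",
    "ssb:u:2048:1:2222222222222222:1349600000::::::s:::" + CARD + ":",
    "ssb:u:2048:1:3333333333333333:1349600000::::::e:::" + CARD + ":",
    "ssb:u:2048:1:4444444444444444:1349600000::::::a:::" + CARD + ":",
])


def audit(colons):
    """Map key ID -> (record type, capabilities, where the secret part is)."""
    result = {}
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # older output may omit field 15
        token = f[14]
        if token == "#":
            where = "offline"              # stub: secret key not in this keyring
        elif token in ("", "+"):
            where = "on-disk"              # assumption: empty means a local key
        else:
            where = "card"                 # field holds the card serial number
        result[f[4]] = (f[0], f[11], where)
    return result


def follows_advice(colons):
    """True if the main key is offline and every subkey is on a card."""
    keys = list(audit(colons).values())
    main = [k for k in keys if k[0] == "sec"]
    subs = [k for k in keys if k[0] == "ssb"]
    return (bool(main) and bool(subs)
            and all(k[2] == "offline" for k in main)
            and all(k[2] == "card" for k in subs))


if __name__ == "__main__":
    for key_id, (rec, caps, where) in audit(SAMPLE).items():
        print(f"{rec} {key_id} [{caps}] secret key: {where}")
    print("matches the layout from the thread:", follows_advice(SAMPLE))
```

To check a real keyring, pass the text printed by `gpg --list-secret-keys --with-colons` to `follows_advice` instead of the constructed sample.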