subkeys on smartcard?

Pete Stephenson pete at heypete.com
Wed Jun 26 15:22:49 CEST 2013


On Wed, Jun 26, 2013 at 3:10 PM, Daniel Pocock <daniel at pocock.com.au> wrote:
> I understand this is a bit old, but I believe the concept is still current:
>
> http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507429
>
> Essentially, can anyone confirm why it is recommended to only store
> subkeys on a smart card?
>
> a) is it because of the risk that the card might be lost or damaged?
>
> b) or is it because of the risk that a smartcard may fall into the wrong
> hands?
>
> If the primary key was generated on a PC and stored onto two smart cards
> and they were both kept in secure locations and only used in a secure
> location, is it therefore quite acceptable to use the primary key on a
> smart card and potentially more secure than keeping it on a disk?

[original reply was sent only to Daniel, I'm re-sending the reply to
the mailing list]

I think it's mostly the latter (i.e., that the primary key could fall
into the wrong hands). That, and many people have DSA primary keys
that are not supported by the RSA-only smartcards.

Using subkeys helps insulate the primary key from potential badness:
subkeys can be revoked and replaced without any major issues.

Revocation of the primary key would require that one re-acquire
signatures from other people to regain their position in the Web of
Trust. This can often be a hassle. The same thing applies if there's
no backup of a smartcard-based primary key.

Personally, I keep encryption/signing subkeys on one smartcard and the
primary key on a different smartcard (both with offline, secure
backups).



More information about the Gnupg-users mailing list