problem signing with a smart card

Peter Lebbing peter at digitalbrains.com
Thu Jan 21 11:13:47 CET 2016


On 21/01/16 09:54, Tzafrir Cohen wrote:
> So I guess I should just create new subkeys in the card.

That's fine for the signature key, although you could also extend its
expiration date. But rotating signature keys is generally no more work
than distributing the extended expiration date, so IMHO you might as
well generate a new one.

But do note well that if you generate a new encryption subkey, you can
no longer use the smartcard to decrypt stuff encrypted to the old
encryption subkey! I'd hate for you to just go ahead and discover you've
just thrown out your only copy of the encryption subkey...

By the way, in my opinion, you should always have a backup of your
encryption subkey if it's on a card, because cards can break.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list