Best practice to use several smartcards for a single key?
Andrew Gallagher
andrewg at andrewg.com
Sun Dec 13 22:22:44 CET 2020
> On 13 Dec 2020, at 11:08, Nicolas Boullis <nicolas.boullis at ecp.fr> wrote:
>
> My idea was that there was little chance that a smartcard fails (Werner
> Koch told me that the failure I experienced was exceptionnal) and if it
> does I can set up a new encryption key and, using the second smartcard,
> decrypt all the files that were encrypted for the old key and re-encrypt
> them for the new key.
How are you going to decrypt the old files if your old smartcard is already dead? If you don’t want to lose all access to your encrypted files, you *must* keep a backup of your encryption key material at the very least. There is no recovering from a deleted encryption private key.
I keep my key material on a Tails encrypted partition in a safe place. Alternatively you could keep a paper backup in a safe place. But there’s no getting around having some form of backup. What amounts to a “safe place” depends on your threat model of course...
A
More information about the Gnupg-users
mailing list