On Sunday, 31 March 2024, 14:37:08 CEST Pierre-Elliott Bécue wrote:
> Hello,
>
> Iustin Pop <ius...@debian.org> wrote on 31/03/2024 at 13:13:27+0200:
> > Option 2: Generate keys on the yubikey and have them never leave the
> > secure enclave. That means having 2 yubikeys per developer, and ensuring
> > you keep track of _two_ keys, but it does ensure there's a physical
> > binding to the key.
> >
> > Are there other options? And which option is proposed?
>
> I would object against creating a PGP key on the HSM itself. Not having
> the proper control on the key is room for disaster as soon as you lose
> it or it dies.
For subkeys, isn't that a benefit rather than a disadvantage? You lose the key, or it gets destroyed / unusable; good, you get a new subkey instead of reusing the existing one on a different HSM.

--
OdyX