On Sunday, 31 March 2024, 14:37:08 CEST, Pierre-Elliott Bécue wrote:
> Hello,
> 
> Iustin Pop <ius...@debian.org> wrote on 31/03/2024 at 13:13:27+0200:
> > Option 2: Generate keys on the yubikey and have them never leave the
> > secure enclave. That means having 2 yubikeys per developer, and ensuring
> > you keep track of _two_ keys, but it does ensure there's a physical
> > binding to the key.
> > 
> > Are there other options? And which option is proposed?
> 
> I would object to creating a PGP key on the HSM itself. Not having
> proper control of the key leaves room for disaster as soon as you lose
> it or it dies.

For subkeys, isn't that a benefit rather than a disadvantage?

You lose the key, or it gets destroyed / unusable; good, you get a new subkey 
instead of reusing the existing one on a different HSM.

-- 
    OdyX