Le dimanche, 31 mars 2024, 21.23:10 h CEST Arto Jantunen a écrit :
> Didier 'OdyX' Raboud <o...@debian.org> writes:
> > Le dimanche, 31 mars 2024, 14.37:08 h CEST Pierre-Elliott Bécue a écrit :
> >> I would object against creating a PGP key on the HSM itself. Not having
> >> the proper control on the key is room for disaster as soon as you lose
> >> it or it dies.
> >
> > For subkeys, isn't that a benefit rather than a disadvantage?
> >
> > You lose the key, or it gets destroyed / unusable; good, you get a new
> > subkey instead of reusing the existing one on a different HSM.
>
> For the authentication and signing subkeys this is indeed true. For the
> encryption subkey significantly less so (as things encrypted against
> that key then become impossible to decrypt).
I was missing that perspective; thanks!
--
OdyX
