Le dimanche, 31 mars 2024, 21.23:10 h CEST Arto Jantunen a écrit : > Didier 'OdyX' Raboud <o...@debian.org> writes: > > Le dimanche, 31 mars 2024, 14.37:08 h CEST Pierre-Elliott Bécue a écrit : > >> I would object against creating a PGP key on the HSM itself. Not having > >> the proper control on the key is room for disaster as soon as you lose > >> it or it dies. > > > > For subkeys, isn't that a benefit rather than a disadvantage? > > > > You lose the key, or it gets destroyed / unusable; good, you get a new > > subkey instead of reusing the existing one on a different HSM. > > For the authentication and signing subkeys this is indeed true. For the > encryption subkey significantly less so (as things encrypted against > that key then become impossible to decrypt).
I was missing that perspective; thanks! -- OdyX