thanks, Sorry for the double messages, I sent the first before subscribing to the list and I tought it was not forwarded to the mailing list.
Briefly: - use tails to genereate master (default settings) and subkeys - export the public key and fingerprints - backup master to a cold storage - export the subkeys for later usage - move the subkeys into the laptop I'll skip the smart card now, I'll only generate and add to it a A subkeys for accessing ssh in case I'm away of the pc. I think I can have multiple A subkeys, not like E keys that only the last is used, and use them to ssh servers if all these subkeys are added to the server Regarding the rest: On Fri, Feb 17, 2017 at 3:11 PM, Andrew Gallagher <andr...@andrewg.com> wrote: > ... cut ... > > If you run "keytocard" and then save your changes, you will delete the > on-disk copy of those subkeys. They will only then exist on the > smartcard. I normally don't recommend this, as it means you have no way > to back up your E subkey, and if your smartcard breaks you then lose > access to all data encrypted to it. If you are keeping your master > offline, there is IMO little extra risk in also keeping an offline > copy of your E subkey. In order to do this, once you run "keytocard" on > all three subkeys you should immediately quit gnupg *without saving*. > This will ensure that the on-disk copy is not deleted. > wait, If i've a subkey E (called E1) and I lose it (e.g. it was on the smartcard). Can't I create a new E (called E2) from my master and decrypt the data? Or the data encrypted are decriptable only by the exact E (E1 in this case) that was used to encrypt it? Can't I export the subkeys to a file and backup that file and then move the keys to the card? Will I be able to restore the keys if they get lost? Sending you a sperarte email for the script (which seems the one you have on the website) -- Stefano
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users