On Fri, 23 Feb 2018 23:08, jc.gnupg...@unser.net said:

> Yes, that's what I plan to do, generate a subkey for each month in advance
> and use this to encrypt my backups.

That raises the question for us whether it will make sense to change

  --quick-add-key fpr [algo [usage [expire]]]

to add a new parameter "creationdate" to make it easier to create keys for
future periods. The parameter-controlled batch key generation already
allows for this.

Background: gpg will not consider a future encryption subkey so that keys
for the next period can instantly be distributed.

> these keys. That is, if I have to restore certain files from a backup, and
> the machine where the decryption happens might be compromised, I don't want
> all backups to be compromised in a single step.

You may also want to look into the gpg-agent remote feature, which is
designed to protect your private key during restore operations. Here is an
older description:

<https://blog.flameeyes.eu/2016/10/gnupg-agent-forwarding-with-openpgp-cards/>

You don't need to use smartcards, and the extra socket is meanwhile
configured by default.

Salam-Shalom,

   Werner

-- 
# Please read: Daniel Ellsberg - The Doomsday Machine
# Thoughts are free.  Exceptions are regulated by a federal law.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
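
The batch key generation route mentioned in the message above, as an added example that is not part of the original mail or of GnuPG itself: it emits unattended-generation parameter blocks with a future `Creation-Date`, one per month. Assumptions: each block creates a standalone key (primary plus encryption subkey) rather than a subkey on an existing key, the function names are hypothetical, and the name and e-mail values are placeholders.

```shell
#!/bin/sh
# Added example: parameter blocks for per-month backup keys.
# No passphrase line is written, so gpg asks for one via pinentry.

# month_params YEAR MONTH -> one parameter block on stdout
month_params() {
    y=$1
    m=${2#0}                      # strip a leading zero: "08" must stay decimal
    case $m in
        ''|*[!0-9]*) echo "bad month: $2" >&2; return 1 ;;
    esac
    if [ "$m" -lt 1 ] || [ "$m" -gt 12 ]; then
        echo "month out of range: $2" >&2
        return 1
    fi
    # The key expires when the following month starts (December rolls over).
    if [ "$m" -eq 12 ]; then ny=$((y + 1)); nm=1; else ny=$y; nm=$((m + 1)); fi
    printf 'Key-Type: RSA\nKey-Length: 3072\nKey-Usage: sign\n'
    printf 'Subkey-Type: RSA\nSubkey-Length: 3072\nSubkey-Usage: encrypt\n'
    printf 'Name-Real: Backup %04d-%02d\n' "$y" "$m"      # placeholder name
    printf 'Name-Email: backup@example.org\n'             # placeholder address
    # Future creation date: gpg will not select the key before this time.
    printf 'Creation-Date: %04d%02d01T000000\n' "$y" "$m"
    printf 'Expire-Date: %04d%02d01T000000\n' "$ny" "$nm"
    printf '%%commit\n'
}

# plan_months START_YEAR START_MONTH COUNT -> COUNT consecutive blocks
plan_months() {
    py=$1
    pm=${2#0}
    n=$3
    while [ "$n" -gt 0 ]; do
        month_params "$py" "$pm" || return 1
        if [ "$pm" -eq 12 ]; then py=$((py + 1)); pm=1; else pm=$((pm + 1)); fi
        n=$((n - 1))
    done
}
```

The output of `plan_months 2018 3 12`, saved to a file, is what `gpg --batch --generate-key FILE` reads.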