On 24/06/2013 16:01, Josef Schneider wrote:
> Then you need a secure way to store the CA key. That is essentially
> exactly the same problem!

Nope. Throwaway CA!

> I mean you can put it on a card and allow export of the CA key only if
> the request is signed by a SuperSecureCA key...

There's no need to be able to export the CA key. Actually the recommended way of using it (to limit key export) is:
- generate the CA key on the card
- "sign" all the needed keys
- destroy it

The CA key shouldn't last for long. It's not an X.509 CA.
> But how do you control the export of the SuperSecureCA key?

Not needed at all. Neither SuperSecureCA nor a key export control for its non-existent key :)

> If you want a key backup, why not just create the key on a secure
> offline machine, copy it to a secure location (I print mine out using
> PaperBak) and then move it to the card on that secure offline machine?
> Works great!

First: I trust the RNG on a card more than a software one.
Second: maintaining an offline machine is not cheap (at least here in Italy, you can't legally use a computer on which security patches haven't been applied for more than 6 months).
Third: you have a potentially accessible copy of your key -- nothing prevents your backup from being photocopied... Sure, it's encrypted, but brute-forcing it is possible, at least in theory, while the original is apparently untouched. A smartcard would require physical possession of the original for quite some time (IF you decide to keep the CA key).

What I suggest is something that "replaces" (being "a bit" more versatile) an offline machine where you generate a key and store it to N cards, then zap it.

BYtE,
Diego.

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
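The three-step "throwaway CA" Diego describes (generate the CA key, certify the needed keys, destroy it), as an added example that is not code from the thread or from GnuPG's own documentation. It uses a software key in a scratch keyring so it runs on any box with gpg 2.1 or later, whereas the post has the key generated on a smartcard; the user IDs and the example.invalid addresses are hypothetical, and the two "needed keys" are constructed on the spot.

```shell
#!/bin/sh
# Throwaway-CA workflow with GnuPG. Added example (not from the thread):
# the CA key lives in a throwaway software keyring here; Diego's proposal
# keeps it on a smartcard instead. All user IDs are hypothetical.
set -eu

GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

# gpg with the options every step needs: non-interactive, empty passphrase
# (loopback pinentry is required for --passphrase since gpg 2.1).
gpgq() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Fingerprint of the first key whose user ID matches $1.
fpr_of() {
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Number of certifications on key $1 issued by the key with long key ID $2
# (field 5 of a "sig" record in --with-colons output).
count_sigs_by() {
    gpg --batch --with-colons --list-sigs "$1" \
        | awk -F: -v id="$2" '$1 == "sig" && $5 == id { n++ } END { print n + 0 }'
}

# Succeeds if a secret key for fingerprint $1 is still in the keyring.
has_secret_key() {
    gpg --batch --with-colons --list-secret-keys "$1" 2>/dev/null | grep -q '^sec:'
}

# Step 1: generate the throwaway CA key. Certify-only, no expiry: its only
# job is to certify other keys, and it will not outlive this script.
gpgq --quick-generate-key 'Throwaway CA <ca@example.invalid>' ed25519 cert never
CA_FPR="$(fpr_of ca@example.invalid)"
CA_ID="$(printf '%s' "$CA_FPR" | tail -c 16)"   # long key ID = last 16 hex digits

# Constructed stand-ins for "all the needed keys".
gpgq --quick-generate-key 'Alice <alice@example.invalid>' ed25519 default never
gpgq --quick-generate-key 'Bob <bob@example.invalid>' ed25519 default never
ALICE_FPR="$(fpr_of alice@example.invalid)"
BOB_FPR="$(fpr_of bob@example.invalid)"

# Step 2: "sign" (certify) every needed key with the CA key.
for fpr in "$ALICE_FPR" "$BOB_FPR"; do
    gpgq --local-user "$CA_FPR" --quick-sign-key "$fpr"
done

# Step 3: destroy the CA secret key. The public half stays in the keyring so
# the certifications remain verifiable; only the ability to issue new ones
# (or to leak the key later) is gone.
gpgq --delete-secret-keys "$CA_FPR"

# Outcome when run stand-alone: one CA certification per key, no CA secret key.
echo "CA $CA_ID certified Alice: $(count_sigs_by "$ALICE_FPR" "$CA_ID")," \
     "Bob: $(count_sigs_by "$BOB_FPR" "$CA_ID")"
if has_secret_key "$CA_FPR"; then
    echo "CA secret key still present"
else
    echo "CA secret key destroyed"
fi
```

On a real card the first step would be the card's own key generation (`generate` in `gpg --card-edit`, declining the off-card backup) and the last step a card reset rather than `--delete-secret-keys`; the certification step and the checks are the same. Whoever needs to verify the certifications later only needs the exported public CA key, which is why deleting the secret half costs nothing.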
