gHello, I've been happily using a yubikey neo for a while now, but I'm starting to have two problems with it:
1) I mostly use a desktop, but when I'm on my laptop it comes loose too easily 2) On either desktop or laptop, my now ever-curious 1-year-old can easily grab it. In fact, it's one of his favorite targets. So I bought a neo-n that slips completely into the USB port. I'd like to leave the -n in my desktop and carry the regular one around with me. I'd also like to start experimenting with the NFC interface for signing from k-9 on android. [A] I have a separate auth key for SSH on each smartcard. In fact, I don't even pair these with my OpenPGP master as I don't see an advantage at this time for doing so [E] This I rarely use, but I have the same key on each card because I took a backup before keytocard. (Otherwise, I lose data if I lose the key). [S] This is the sore point. Do I try to keep the same key on both cards? The shadow copy in private-keys-v1.d is tied to a specific card, but it seems easy to update, in fact I think it updates itself. I'd have to generate a new key though because I never took a backup of my signing key as the public portion would always be available for verification in the future. [2] Alternatively, and my preference, I'd like to have separate signing keys for each card. The problem is then I need to start mucking with -u <id>!. My home directory is rsync'd across all my computers and I'd rather not add an exception for .gnupg/gpg.conf because there are other settings in there that I want to replicate. Also -u <id>! is even more of a pain with Enigmail, where most of my signing takes place. Why isn't gpg smarter about selecting only from the /available/ keys at the time of signing? BTW, I'm using 2.1.3 Thought, comments? Thanks! Matt
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
