On 4/24/19 4:19 PM, Rich Freeman wrote:
> If it is the case that Nitrokeys can't support a separate primary key,
> I'd suggest modifying the GLEP to remove that requirement when a
> smartcard is in use. Its main purpose is to keep a key component
> offline, and if the key is generated on the card that is already
> accomplished. Maybe somebody has a suggestion for how to make the two
> work together, otherwise I'll go ahead and suggest a GLEP revision for
> the next Council meeting.

The Nitrokey has 3 slots, one signing (which can hold signing subkey or
primary), encryption and authentication. So yes, the primary should be
kept on an offline system or on a separate token that isn't brought
around on a regular basis, while the daily use operations use subkeys that
reside on the token.

The GLEP should not be changed on the requirement for a distinct signing
subkey; this is one of the expected results of it to begin with.
--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
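
The layout described in the reply above can be checked from the output of `gpg --list-secret-keys --with-colons`. The following is an added example, not part of the original message or of any Gentoo tooling. It assumes the field meanings documented in GnuPG's doc/DETAILS (field 12 is capabilities, field 15 is a token serial number, `#` for a stub, or `+` for a locally available secret key); the function names and the sample listings are constructed for illustration.

```python
# 0-based indexes of colon fields 12 (capabilities) and 15 (token S/N).
CAPS, TOKEN = 11, 14

# Constructed sample listings; key IDs and the card serial are made up.
SAMPLE_OK = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1556000000:::u:::cC:::#:::23::0:
uid:u::::1556000000::0000::Example Dev <dev@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1556000000::::::s:::D2760001240100000000000000000000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1556000000::::::e:::D2760001240100000000000000000000:::23:
"""
SAMPLE_BAD = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1556000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1556000000::::::e:::+:::23:
"""

def is_serial(value):
    # Anything other than empty, '#' (stub) or '+' (local secret) is a token serial.
    return value not in ("", "#", "+")

def check_layout(colons):
    """Return a list of problems for ONE key's --with-colons listing."""
    primary_token, signing_tokens, problems = None, [], []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        if f[0] == "sec":
            primary_token = f[TOKEN]
        elif "s" in f[CAPS]:               # lowercase 's': this subkey can sign
            signing_tokens.append(f[TOKEN])
    if primary_token is None:
        return ["no secret primary key record found"]
    daily = [t for t in signing_tokens if is_serial(t)]
    if not signing_tokens:
        problems.append("no distinct signing subkey")
    elif not daily:
        problems.append("signing subkey is not on a token")
    if primary_token in ("", "+"):
        problems.append("primary secret key is stored on this system")
    elif is_serial(primary_token) and primary_token in daily:
        problems.append("primary shares the daily-use token")
    return problems

if __name__ == "__main__":
    for name, listing in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_layout(listing) or "layout matches")
```
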