Gentoo Archives: gentoo-dev

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-dev@l.g.o, Rich Freeman <rich0@g.o>
Subject: Re: [gentoo-dev] Best way to create a GLEP 63 compliant GPG key on Nitrocard?
Date: Wed, 24 Apr 2019 15:58:08
In Reply to: Re: [gentoo-dev] Best way to create a GLEP 63 compliant GPG key on Nitrocard? by Rich Freeman
1 On 4/24/19 4:19 PM, Rich Freeman wrote:
2 > If it is the case that Nitrokeys can't support a separate primary key,
3 > I'd suggest modifying the GLEP to remove that requirement when a
4 > smartcard is in use. Its main purpose is to keep a key component
5 > offline, and if the key is generated on the card that is already
6 > accomplished. Maybe somebody has a suggestion for how to make the two
7 > work together, otherwise I'll go ahead and suggest a GLEP revision for
8 > the next Council meeting.
10 The nitrokey has 3 slots, one signing (which can hold signing subkey or
11 primary), encryption and authentication. So yes, the primary should be
12 kept on an offline system or on a separate token that isn't brought
13 around on regular basis, while the daily use operations use subkeys that
14 reside on the token.
16 The GLEP should not be changed on the requirement for distinct signing
17 subkey, this is one of the expected results of it to begin with.
18 --
19 Kristian Fiskerstrand
20 OpenPGP keyblock reachable at hkp://
21 fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


File name MIME type
signature.asc application/pgp-signature