[Gnuk-users] Storing Certification Key on Gnuk?

Jonathan Schleifer js-gnuk-users at webkeks.org
Sun Feb 15 17:55:51 UTC 2015


Am 15.02.2015 um 18:52 schrieb NdK <ndk.clanbo at gmail.com>:

> Il 13/02/2015 22:04, Jonathan Schleifer ha scritto:
> 
>> I'm wondering if it's somehow possible to store the certification key on the Gnuk when there's separate keys for certification and signing? The reason I ask is that the certification key is needed to sign other keys, which means you always have to go back to a secure environment where you can sign it, where the big problem is how to get the key onto it and off of it again without connecting it to the internet (which would make it an untrusted environment).
> Uh?
> IIUC in GPG certify key = main key while signing key is just one of the
> subkeys. You cak keep both on the token (maybe with different PINs?).

Yes, the certification key is the main key. However, the Gnuk only offers me to store a signing key (which is a separate subkey for me and not the main key), an encryption key and an authentication key.


--
Jonathan




More information about the gnuk-users mailing list