On 4/17/18 5:02 PM, Daniel Kahn Gillmor wrote:
> The takeaway that i'm getting from this thread is that there isn't anyone
> using smartcards for decryption-capable subkeys that rotates those
> subkeys. That's a useful observation, if a bit disappointing.

I think the work James Bottomley is doing on TPM2 would help with this, once merged into gnupg2 at some point in the future. In that case multiple key blobs can be sealed to the crypto chip in your laptop and you can have as many as you want. And the crypto operations do not run on the main CPU.

Alas I was a little disappointed that most of the things he talks about were not yet merged upstream in the various projects he provides patches for. Despite doing the right thing and proposing them in the right venues. ;-)

Kind regards
Philipp Kern