Re: SSL for debian.org/security?
On Tue, Nov 12, 2013 at 01:15:38PM -0500, Hans-Christoph Steiner wrote:
> Having the key generated on the card is the most secure, since those cards are
> designed so you can't read the secret key off of the card. So the cost of
> putting a new certificate on the card is only someone's time for generating
> and uploading a new key to it.
But there is the significant downside that it is not possible to
back up the key, so if the card gets destroyed in a fire or just fails
and stops working, the key needs to be revoked, since only one
physical copy of the private key exists. (Which also means that only
one machine can sign with the key.)
So for widely used keys it might be better to create the keypair in a
trusted (airgapped from any network and diskless) machine running
something like Debian Live or Tails, and in addition to uploading it
to the smart card, make a few backup copies to offline media (e.g. USB
sticks) to be stored in a safe location.