My current setup is as follows:

    sec# rsa4096/E97E8047 2016-07-18 [C]
    uid [ultimate] Jonas Finnemann Jensen <jojensen@mozilla.com>
    uid [ultimate] Jonas Finnemann Jensen <jopsen@gmail.com>
    uid [ultimate] Jonas Finnemann Jensen <jonasfj@mozilla.com>
    ssb> rsa2048/65F03C8F 2016-07-18 [S]
    ssb> rsa2048/3DC1E49C 2016-07-18 [E]
    ssb> rsa2048/7AD1E9A1 2016-07-18 [A]

In short:
- Master key with certify features stored on a USB drive (accessed only from livecd sessions without the Internet)
- 3 sub-keys with authentication, signing and encryption functions stored on a YubiKey, always attached or in my key ring.
As I understand it, I cannot sign other GPG keys without my master key. So, how can I participate in the GPG Signature Group without traveling with my precious key?
What possible measures can I take to protect my master key?
- I tried moving it to a YubiKey, but it failed (because it doesn't have the capabilities of S, E, or A). Am I missing a trick?
- Can I use other devices?
- HSM, , SSH, , ? , GPG?
, -, , USB- livecd , .