Now that I’m using OpenPGP cards for GnuPG, I may as well start using them for their other bells and whistles too. The first and most useful such extra feature of those cards is using the authentication key for SSH.
I have recently started to become much more involved in the Debian project, maintaining my own package (ulogd2) and doing a pair of uploads to other packages. Debian uses GPG / OpenPGP keys widely for signing the archive, authenticating uploads by developers and so on, so I needed a secure GPG key that I could use for my interactions with Debian.
I have had a key for some time now which has been signed by a handful of people—and thus reasonably well trusted—but I hadn’t taken the best care to keep it secure. I have no reason to believe the key has been compromised at all, but the fact is that I copied the key around to several of my machines so that I could use it on all of them, and instead of using sub-keys, as is common best practice, I just copied the whole key across. If someone had managed to take a copy of my key and crack its pass-phrase, I would have no choice but to revoke the entire key.