Let's say, I have an key on my laptop, which I currently use. The "main" key (C) is saved elsewhere, and I am using only the subkeys (S, E, and A).

Now, I want to use a to store my keys. What would your strategy be?

Similar question. I am also using @k9mail on my smartphone and would like to read encrypted messages there (using ). What would you do?

If keys were on your laptop they could've been stolen, so I'd re-generate new ones on an offline, air-gapped machine. To keep things simple I generated all subkeys in software and only copied them to Yubikeys (signing subkeys can be generated on the card).

As for existing keys, if they have expiration dates (as they should) you can just let them expire or soft-revoke them.

For K-9 Mail just use your token, it's super-convenient. OpenKeychain doesn't store private keys in a secure element, so via rooting one can get the private bits.

Of course this is a purely paranoid setup, but I'm using it and it's quite convenient. If you use pass I recommend Password Store (the new one).

@wiktor thank you for your response 🙏

Yeah, I already do everything in Tails OS and don't have the main key anywhere but in a KeePass database 😅
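A way to check that a machine's keyring matches the layout discussed in this thread (main key absent, subkeys only on the token, expiration dates set), as an added example that is not from any of the posters. It reads the output of `gpg --list-secret-keys --with-colons`; the sample listing, key IDs and card serial are constructed, and numeric epoch timestamps are assumed.

```python
import time

# Constructed `gpg --list-secret-keys --with-colons` output; key IDs, dates
# and the card serial number are made up for this example.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1900000000::u:::cSC:::#:
uid:u::::1600000000::0000::Alice <alice@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000:1900000000:::::s:::D2760001240100000006000000010000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:1900000000:::::e:::+:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1600000000::::::a:::D2760001240100000006000000010000:
"""

def audit(colon_output, now=None):
    """Return (key_id, issue) pairs for keys that deviate from the layout."""
    now = time.time() if now is None else now
    issues = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        key_id, expires, token = f[4], f[6], f[14]
        # Field 15: '#' = stub only, '+' or empty = secret material on disk,
        # anything else = serial number of the smartcard holding the key.
        if f[0] == "sec" and token != "#":
            issues.append((key_id, "primary-secret-present"))
        if f[0] == "ssb" and token in ("", "+"):
            issues.append((key_id, "subkey-on-disk"))
        if f[0] == "ssb" and token == "#":
            issues.append((key_id, "subkey-secret-missing"))
        # Field 7: expiry as seconds since the epoch; empty = never expires.
        if not expires:
            issues.append((key_id, "no-expiry"))
        elif expires.isdigit() and int(expires) <= now:
            issues.append((key_id, "expired"))
    return issues

if __name__ == "__main__":
    for key_id, issue in audit(SAMPLE):
        print(key_id, issue)
```

On a real machine, pass the captured output of the gpg command to `audit()` instead of `SAMPLE`.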

