[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xz backdoor

On 2024-03-31 22:23:10, Arto Jantunen wrote:
> Didier 'OdyX' Raboud <odyx@debian.org> writes:
> 
> > Le dimanche, 31 mars 2024, 14.37:08 h CEST Pierre-Elliott Bécue a écrit :
> >> I would object against creating a PGP key on the HSM itself. Not having
> >> the proper control on the key is room for disaster as soon as you lose
> >> it or it dies.
> >
> > For subkeys, isn't that a benefit rather than a disadvantage?
> >
> > You lose the key, or it gets destroyed / unusable; good, you get a new subkey 
> > instead of reusing the existing one on a different HSM.
> 
> For the authentication and signing subkeys this is indeed true. For the
> encryption subkey significantly less so (as things encrypted against
> that key then become impossible to decrypt).
> 
> Personally I have generated the signing and authentication subkeys on
> the HSM itself (and thus at least in theory they cannot leave the HSM),
> and the encryption subkey I have generated on an airgapped system and
> stored on the HSM after making a couple of backups.

I am really confused now on how all this works. How can you generate
parts of a key (i.e. subkeys) on the HSM (well, yubikey), and the other
parts locally?

Looking forward to having up-to-date documentation once the dust
settles. I have enough yubikeys which are only used for 2FA.

(Well, and I'd need an airgapped, separate system, which I don't have)

thanks,
iustin
Reply to: