dadada.li/blog/gpg/index.html

<!doctype html>
<html lang="en-us">
  <head>
    <meta charset="utf-8" />
    <title>dadada's web log</title>
    <link
      rel="alternate"
      type="application/atom+xml"
      href="https://dadada.li/feed.xml"
      title="dadada"
    />
    <link rel="stylesheet" type="text/css" href="../../pagestyle.css" />
  </head>
  <body>
    <header>
      <nav>
        <a href="https://dadada.li/">dadada</a>
      </nav>
    </header>
    <main>
      <h1>Managing Stripped GPG Keys</h1>
      <pre>
    +--(master pass)                   +----(user pass)--+
    |        |                         |                 |
    |     decrypts                 decrypts           decrypts
    |        |                         |                 |
    |        v                         v                 v
decrypts  +----------------+     +----------+      +-----------+
    |     | TRUSTED        |     | ANDROID  |      | KEYCHAIN  |
    |     | SCA (master)   |     | SE (ssb) |      | SEA (ssb) |
    |     | offline + HSM  |     | Sandbox  |      | HSM       |
    |     +----------------+     +----------+      +-----------+
    |          |                        ^                 ^
    |          |                        |                 |
    |          +----creates-------------|-----------------+
    |
    |  +-----------------+
    |  | PAPER           |
    +->| SEA (master)    |
       | remote on paper |
       +-----------------+
</pre
      >
      <p>
        See
        <a
          href="https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/"
          >here</a
        >
        on how to strip the master key (sec) from your keyring and create secret
        subkeys (ssb) for daily active use. The master key can sign (S) new
        subkeys, create certificates (C) and provide authentication (A). The
        master key lives forever, while the ssb that is used for signing is
        created with an expiration date. All encryption keys may remain valid
        indefinitely until revoked. The master key can be used to revoke the
        subkeys.
      </p>
      <p>A few considerations</p>

      <ul>
        <li>
          use a separate PIN on the trusted system / for the master key (sec) in
          case a key-logger reads the PIN on a semi-trusted machine (e.g. laptop
          or android) when decrypting a secret subkey (ssb)
        </li>
        <li>use subkey (A) for authenticating ssh</li>
        <li>keep master key offline / air-gapped</li>
      </ul>
    </main>
    <footer>Released: 2017-12-03</footer>
  </body>
</html>