On 05/18/2016 06:16 PM, Florian Snow wrote:
> To be fair, I don't really need a smartcard right now anyway. I am happy having my GnuPG keys on an encrypted hard drive.
Besides GnuPG, you can also use it for SSH logins.
> That does not protect against every kind of attack, but it is good enough at the moment (and I get to use larger keys).
Both the YubiKey 4/NEO (JavaCard applets) and the OpenPGP smartcard by Zeitcontrol support up to 4096-bit RSA keys, which is already quite a ridiculous size. More important is to rotate (sub)keys regularly, so that you don't rely on a single key for a long period. The primary (master) key can still be larger, and does not have to be stored on a smartcard anyway.
Unfortunately, it is very hard to manage rotating subkeys with smartcards, and I have yet to see a tutorial that touches on that aspect. Makes me wonder if anyone really uses it properly.
Where do you keep your subkeys if you rotate, say, every 6 months? I really don't want to carry around 10 smartcards to be able to access a 5-year-old email. But, yes, that's more of a "mail-in-storage" problem than a GnuPG problem. Mailvelope shows how one should do it: symmetric encryption at rest, and GnuPG only for transport.
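The three points raised in the thread (using the card's key for SSH logins, rotating short-lived subkeys under a long-lived primary key, and keeping old subkeys reachable after rotation) as one added shell walk-through. This is an editorial example, not code from any of the posters. It assumes GnuPG 2.1 or later (the `--quick-*` commands, `--export-ssh-key`, gpg-agent's `enable-ssh-support`), runs in a throwaway `GNUPGHOME`, and uses a constructed demo identity with an empty passphrase; ed25519/cv25519 are used so the keys generate quickly, but `rsa4096` as discussed above works in the same positions.

```shell
#!/bin/sh
# Added walk-through, not from the thread: certify-only primary key kept off
# the card, short-lived sign/encr/auth subkeys (the ones you would move to the
# smartcard with "keytocard"), SSH public key export, and a subkey backup.
# Assumes GnuPG >= 2.1 and uses a throwaway GNUPGHOME.
set -eu

GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"

# Unattended gpg; the empty passphrase is for the demo only.
gpg_cmd() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Constructed demo identity (not a real person).
DEMO_UID="Demo User <demo@example.org>"

# 1. Primary key: certify-only and without expiry. It never needs to leave
#    an offline/encrypted disk; only subkeys go on the card.
gpg_cmd --quick-gen-key "$DEMO_UID" ed25519 cert never
FPR="$(gpg_cmd --list-keys --with-colons "$DEMO_UID" | awk -F: '/^fpr:/ {print $10; exit}')"

# 2. Subkeys with a 6-month lifetime, one per capability. The thread talks
#    about RSA; "rsa4096" works in place of ed25519/cv25519, it is just slower.
gpg_cmd --quick-add-key "$FPR" ed25519 sign 6m
gpg_cmd --quick-add-key "$FPR" cv25519 encr 6m
gpg_cmd --quick-add-key "$FPR" ed25519 auth 6m

# Number of subkeys under the primary ("sub:" records in colon output).
subkey_count() { gpg_cmd --list-keys --with-colons "$FPR" | grep -c '^sub:'; }

# 3. SSH login with the auth subkey: gpg-agent doubles as the ssh-agent.
echo enable-ssh-support >> "$GNUPGHOME/gpg-agent.conf"
gpg-connect-agent reloadagent /bye >/dev/null
#    The ssh client then has to talk to gpg-agent's socket instead of ssh-agent's:
#      export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
#    The server side gets the auth subkey in authorized_keys format:
ssh_pubkey() { gpg_cmd --export-ssh-key "$FPR"; }

# 4. Keeping old subkeys after rotation: the encryption subkey that protected
#    last period's mail must stay usable, so export the secret subkeys to an
#    (encrypted) offline backup BEFORE "keytocard" moves them to the card;
#    after keytocard this export contains only stubs pointing at the card.
backup_subkeys() {
    out="$GNUPGHOME/subkeys-$(date +%Y%m).asc"
    gpg_cmd --export-secret-subkeys --armor "$FPR" > "$out"
    echo "$out"
}

subkey_count
ssh_pubkey
backup_subkeys
```

The backup in step 4 is what answers the "10 smartcards" question: the card only ever holds the current period's three subkeys, while every expired encryption subkey lives in the offline export and can be imported into a keyring on the encrypted disk when an old message has to be read. Run the export before `keytocard`, because afterwards `--export-secret-subkeys` no longer contains the private material.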