nine_k 5 days ago
I agree that age + minisign comprise a much neater stack that does basically everything I would need to use PGP for. Neither of them supports hardware keys though, as much as I could see. OTOH ssh and GnuPG do support hardware keys, like smart cards or Yubikey-like devices. I suppose by the same token (not a pun, sadly) they don't support various software keychains provided by OSes, since they don't support any external PKCS11 providers (the way ssh does). This may reduce the attack needed to steal a private key to a simple unprivileged infiltration, e.g. via code run during installation of a compromised npm package, or similar.
some_furry 5 days ago
> Neither of them supports hardware keys though, as much as I could see.
nine_k 5 days ago
BTW apparently age has plugins that allow using FIDO2 and TPM for cryptography.