by jehteh 1649 days ago
If you are using GPG keys and have the master key backed up somewhere you can fairly easily use that on an offline machine to add the new key to the full batch of password files without needing to perform a million button presses.
2 comments

Been there and done that. People are backing up those keys, right?

Could you also disable the touch-to-decrypt feature while you perform the rekey?

I hope people back up their GPG keys (and test their backups! My subkeys on the yubikey expire annually, forcing me to validate my master key backup at least once a year).

Disabling touch is another option if you need to do a large batch of operations and are comfortable that your machine is secure.

You probably shouldn't be able to disable touch. If you can disable it then malware can disable it.

I'd highly recommend using the `fix` option instead of `on` to make sure it can't be disabled.

Yup. My backup key (the one that doesn’t travel with me) doesn’t have the touch policy and I use that for any bulk operations.