Protecting signing key

Alphax alphasigmax at
Tue Aug 2 10:32:45 CEST 2005


S K wrote:
> Hi,
> I plan to make myself a signing key and keep it
> offline and as securely as possible.

Well, you could try Tinfoil Hat Linux, and
run it on a computer with an LCD screen (laptops are best) - in a
steel-and-concrete strongroom (complete with Faraday cage) - that has
never been connected to a network. Remove all hard drives for good measure.

Or, you could store your signing key on a CD-R in a safe deposit box 3
hours drive from your house, with the passphrase stored in another safe
deposit box 3 hours drive the other way from your house.

Or, you could just make damn sure you are the only one with access to
the computer... with a GOOD passphrase on it.

In some ways worse (and by far more common) is not theft of the private
key, but losing it completely. Make sure you have both a backup of it
and a revocation certificate.

As for the encrypted file systems... Windows supports whole disk
encryption in various forms as well.

--
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
                            |   / \
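Added example, not part of Alphax's message: the "backup plus revocation certificate" advice above, carried through as a GnuPG script. It assumes GnuPG 2.1 or later with gpg in PATH (the 2005 post predates that; 1.4 stored no automatic revocation certificate) and a POSIX shell. The passphrase and user ID are constructed for the example, and every keyring lives in a throwaway directory handed in as GNUPGHOME, so nothing touches your real keys.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GnuPG >= 2.1 and POSIX sh.
set -eu

PASS='correct horse battery staple'                 # constructed example passphrase
UID_STR='Example Signer <signer@example.invalid>'   # constructed example identity

# gpg without any interactive prompts: passphrase supplied over the loopback pinentry.
gpgq() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"
}

# Create a signing-only key in the empty directory $1 (used as GNUPGHOME) and
# print its fingerprint. Leaves two files behind in that directory:
#   backup.asc  - the secret key, still wrapped with $PASS
#   revoke.asc  - an importable revocation certificate
make_signing_key() {
    GNUPGHOME=$1; export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpgq --quick-generate-key "$UID_STR" ed25519 sign 1y
    fpr=$(gpg --batch --with-colons --list-secret-keys \
            | awk -F: '$1 == "fpr" { print $10; exit }')

    # Backup. The exported key stays passphrase-protected, so the backup medium
    # on its own (the CD-R in the safe deposit box) does not let anyone sign as you.
    gpgq --armor --export-secret-keys "$fpr" > "$GNUPGHOME/backup.asc"

    # Revocation certificate. GnuPG 2.1+ writes one at key-generation time to
    # openpgp-revocs.d/<FPR>.rev, with a ':' in front of the BEGIN line so it
    # cannot be imported by accident. Keep only the armor block, colon removed.
    sed -n 's/^://; /^-----BEGIN PGP/,/^-----END PGP/p' \
        "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" > "$GNUPGHOME/revoke.asc"

    printf '%s\n' "$fpr"
}

# Restore backup $2 into the empty directory $1, then import revocation
# certificate $3. Prints "<validity before> <validity after>" as reported by
# gpg --with-colons (field 2 of the pub record); "r" means revoked.
restore_and_revoke() {
    GNUPGHOME=$1; export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpgq --import "$2"
    before=$(gpg --batch --with-colons --list-keys \
               | awk -F: '$1 == "pub" { print $2; exit }')
    gpgq --import "$3"
    after=$(gpg --batch --with-colons --list-keys \
              | awk -F: '$1 == "pub" { print $2; exit }')
    printf '%s %s\n' "$before" "$after"
}

# Stand-alone demonstration: generate, back up, restore elsewhere, revoke.
home1=$(mktemp -d)
fpr=$(make_signing_key "$home1")
echo "generated $fpr; backup.asc and revoke.asc are in $home1"
home2=$(mktemp -d)
echo "validity before/after revocation: $(restore_and_revoke "$home2" "$home1/backup.asc" "$home1/revoke.asc")"
```

The second function is the check most people skip: a backup that has never been restored into an empty keyring is not known to work, and restoring it there shows that the file plus the passphrase is all you need to recover. Importing the revocation certificate into that same keyring shows what anyone who gets hold of revoke.asc can do to your key, which is why the certificate has to be stored as carefully as the key itself, just not in the same place.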

