offline primary keys

Ximin Luo infinity0 at pwned.gg
Wed Sep 24 12:05:21 CEST 2014


On 24/09/14 08:20, Werner Koch wrote:
>> As for Ximin's goals: I think the transition process could look like this:
>>
>>  0) add a signing-capable subkey
>>  1) remove signing-capability from primary key
>>  2) move primary key offline
> 
> IMHO this is worthless.  If this would go mainstream, malware will
> adjust for this scenario immediately.  You need to create the high-value
> primary key on a dedicated offline device.
> 

No, it's not worthless unless you think all machines are infected all the time.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140924/9689d644/attachment.sig>


More information about the Gnupg-devel mailing list