offline primary keys

Ximin Luo infinity0 at
Wed Sep 24 12:05:21 CEST 2014

On 24/09/14 08:20, Werner Koch wrote:
>> As for Ximin's goals: I think the transition process could look like this:
>>  0) add a signing-capable subkey
>>  1) remove signing-capability from primary key
>>  2) move primary key offline
> IMHO this is worthless.  If this would go mainstream, malware will
> adjust for this scenario immediately.  You need to create the high-value
> primary key on a dedicated offline device.

No, it's not worthless unless you think all machines are infected all the time.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140924/9689d644/attachment.sig>

More information about the Gnupg-devel mailing list