offline primary keys
infinity0 at pwned.gg
Wed Sep 24 12:05:21 CEST 2014
On 24/09/14 08:20, Werner Koch wrote:
>> As for Ximin's goals: I think the transition process could look like this:
>> 0) add a signing-capable subkey
>> 1) remove signing-capability from primary key
>> 2) move primary key offline
> IMHO this is worthless. If this would go mainstream, malware will
> adjust for this scenario immediately. You need to create the high-value
> primary key on a dedicated offline device.
No, it's not worthless unless you think all machines are infected all the time.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel