Key server security considerations / Certification Authorities

Janusz A. Urbanowicz
Mon Feb 19 02:00:02 2001

> > I visited for example, however they only sign keys
> > that they have created,
> So they also have your secret key. Very practical when the government wants
> to know things about you, like in Germany, what you were discussing with
> that member of a forbidden political party.
It depends on smartcard users. There are RSA smartcards that you can trigger to generate a key and give you public part for certification (and you can send them signed public key back for storage) but they won't surrender you a private key. Alex