key security
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Tue Apr 9 22:07:01 2002
--=-2RkE13FmBgjXX8mlG1UI
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Tue, 2002-04-09 at 21:37, Jeroen Valcke wrote:
> 1/ What about key security. Do you people all leave your private key on
> the harddisk of your machine. On Debian linux that's in the .gnupg
> directory. How about putting this whole directory on removable media
> (for example diskette) A colleague of mine has his on a remove USB
> media. Good idea? reactions? impractical?
floppy would most likely be too small for the whole directory (depending
on how you use gpg). I auto-add all verified signatures to my public key
ring.
But in principle you are right: putting the secret key ring onto
removable media would be the thing. Personally, I'm lazy and trust the
protection of my password, but use a seperate (more short lived) private
key in the office with a network shared home dir.
> 2/ To encrypt a message all I need is the recipients public key, right?
> Encryption is done solely with the public key of the recipient. My
> private key is not used, is this correct?
Yes. But mostly you'll want to sign your messages with your key in
addition to encrypting them.
cheers
-- vbi
--=-2RkE13FmBgjXX8mlG1UI
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEABECAAYFAjyzShIACgkQFDhRaJIIJIF/JgCcD8lh7QLOK35pXNNp2lzFYGQM
roQAnR1prsMTBRC5nYtQwSUYPbtetx2R
=50DT
-----END PGP SIGNATURE-----
--=-2RkE13FmBgjXX8mlG1UI--