key security

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Apr 9 22:07:01 2002


On Tue, 2002-04-09 at 21:37, Jeroen Valcke wrote:

> 1/ What about key security. Do you people all leave your private key on
> the harddisk of your machine. On Debian linux that's in the .gnupg
> directory. How about putting this whole directory on removable media
> (for example a diskette)? A colleague of mine has his on removable USB
> media. Good idea? Reactions? Impractical?

A floppy would most likely be too small for the whole directory (depending
on how you use gpg). I auto-add all verified signatures to my public key
ring.

But in principle you are right: putting the secret key ring onto
removable media would be the thing. Personally, I'm lazy and trust the
protection of my password, but use a separate (more short-lived) private
key in the office with a network-shared home dir.

> 2/ To encrypt a message all I need is the recipients public key, right?
> Encryption is done solely with the public key of the recipient. My
> private key is not used, is this correct?

Yes. But mostly you'll want to sign your messages with your key in
addition to encrypting them.

cheers
-- vbi


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjyzShIACgkQFDhRaJIIJIF/JgCcD8lh7QLOK35pXNNp2lzFYGQM
roQAnR1prsMTBRC5nYtQwSUYPbtetx2R
=50DT
-----END PGP SIGNATURE-----
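An added example, not part of the thread above: the reply suggests keeping only the secret key ring on removable media rather than the whole ~/.gnupg directory. The script below does that for the GnuPG 1.x layout the thread is about (secrets in secring.gpg), moving the ring to the media and leaving a symlink behind so gpg still finds it, plus a check that the ring really lives off the home directory. The mount point, the dummy ring files and the helper names are assumptions made for the demo; no real keys are involved.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GnuPG 1.x, which keeps
# secret keys in GNUPGHOME/secring.gpg; MEDIA is an assumed mount point such
# as a USB stick.

# relocate_secring GNUPGHOME MEDIA
#   Moves GNUPGHOME/secring.gpg to MEDIA/secring.gpg and symlinks it back,
#   refusing to run when the ring is missing, the media is absent, or the
#   media already carries a ring (so nothing is silently overwritten).
relocate_secring() {
    home="$1"; media="$2"
    [ -f "$home/secring.gpg" ] || { echo "no secring.gpg in $home" >&2; return 1; }
    [ -d "$media" ] || { echo "media $media is not mounted" >&2; return 1; }
    [ ! -e "$media/secring.gpg" ] || { echo "$media already holds a secring.gpg" >&2; return 1; }
    cp -p "$home/secring.gpg" "$media/secring.gpg" || return 1
    chmod 600 "$media/secring.gpg"       # owner-only, like gpg itself expects
    rm -f "$home/secring.gpg"
    ln -s "$media/secring.gpg" "$home/secring.gpg"
    chmod 700 "$home"
}

# secring_on_media GNUPGHOME
#   Prints where the secret ring really is and succeeds only if it is a
#   symlink pointing outside GNUPGHOME; handy as a login-time sanity check
#   that the ring has not quietly ended up back on the hard disk.
secring_on_media() {
    home="$1"
    link="$home/secring.gpg"
    [ -L "$link" ] || return 1
    target=$(readlink "$link")
    case "$target" in
        "$home"/*) return 1 ;;
    esac
    echo "$target"
}

# Demo on constructed dummy files in a temporary directory (no real keys).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/.gnupg" "$tmp/media/usb"
    printf 'constructed dummy secret ring\n' > "$tmp/home/.gnupg/secring.gpg"
    printf 'constructed dummy public ring\n' > "$tmp/home/.gnupg/pubring.gpg"
    relocate_secring "$tmp/home/.gnupg" "$tmp/media/usb"
    secring_on_media "$tmp/home/.gnupg"
    rm -rf "$tmp"
}
```

With the media unplugged the symlink dangles and gpg simply cannot use the secret key, which is the intended failure mode; the public ring and trust database stay on disk so verification and encryption to others keep working. The same idea carries over to GnuPG 2.1 and later, where the secret material lives in the private-keys-v1.d directory instead of secring.gpg.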
