Securing Secret Keys

David Shaw dshaw@jabberwocky.com
Fri Mar 28 15:35:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 27, 2003 at 08:01:49AM -0500, Brad Tilley wrote:
> Hello,
> 
> I'm changing jobs, and I'll be leaving my old Linux workstation for a new one
> at another company. What is the proper way to remove my keys from the old
> machine? I don't want my private key to become suspect... I've had it for
> several years now.

It depends on your paranoia level.  In decreasing order of
paranoia-level, some solutions are:

* Revoke the key.

* Buy your company another hard drive, and take this one with you.

* Wipe the hard drive (not really that effective with modern
  hardware).

Something to look into in the future is to use subkeys and keep your
primary secret key offline.  Then, the worst that can happen is you
will generate some new subkeys and you get to keep your existing
signatures.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+hF254mZch0nhy8kRAhbVAJ9LT5ijFT6ToLe1/OTqB3B73UK0LgCgus+g
TM64qTTOGuR/t6WhX++4lfA=
=TZNp
-----END PGP SIGNATURE-----
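The last paragraph of the reply, the "subkeys with the primary secret key offline" setup, in working form. This is an added example, not David's or GnuPG's own text: it assumes GnuPG 2.2 or newer (ed25519/cv25519 keys, the --quick-* commands, the per-key .rev file written at generation time), runs entirely in a throwaway GNUPGHOME so ~/.gnupg is untouched, and uses a constructed user ID and an empty passphrase for the demo only. It shows the certify-only primary key, a signing and an encryption subkey, the export of the full key to a file that would go to offline storage, and the step that leaves the workstation with subkeys only (gpg then lists the primary as "sec#"); it also points at the revocation certificate GnuPG wrote at generation time, which is what the "revoke the key" option would publish.

```shell
#!/bin/sh
# Added example (not from the original post): primary key kept offline,
# workstation keeps subkeys only. Assumes GnuPG 2.2+; runs in a temp GNUPGHOME.
set -eu

USER_ID="Example User <user@example.invalid>"   # constructed placeholder

# Non-interactive gpg: no pinentry, empty passphrase (demo only), auto "yes".
g() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# True when a gpg of version 2.1 or newer is on PATH.
gpg_available() {
    command -v gpg >/dev/null 2>&1 || return 1
    gpg --version | awk 'NR == 1 { split($3, v, "."); exit (v[1]+0 > 2 || (v[1]+0 == 2 && v[2]+0 >= 1)) ? 0 : 1 }'
}

# Certify-only primary key plus one signing and one encryption subkey.
# Losing the workstation later costs only the subkeys; signatures made on
# the primary key by others stay valid. Prints the primary key fingerprint.
make_keys() {
    g --quick-generate-key "$USER_ID" ed25519 cert never >/dev/null 2>&1
    fpr=$(gpg --batch --with-colons --list-secret-keys | awk -F: '$1 == "fpr" { print $10; exit }')
    g --quick-add-key "$fpr" ed25519 sign 1y >/dev/null 2>&1
    g --quick-add-key "$fpr" cv25519 encr 1y >/dev/null 2>&1
    echo "$fpr"
}

# "offline" when only a stub of the primary secret key is in the keyring
# (gpg shows 'sec#'; colon-format field 15 of the sec record is '#'),
# "present" when the real primary secret key is on this machine.
primary_state() {
    if gpg --batch --with-colons --list-secret-keys "$1" \
        | awk -F: '$1 == "sec" { seen = 1; stub = ($15 == "#") } END { exit (seen && stub) ? 0 : 1 }'; then
        echo offline
    else
        echo present
    fi
}

# Export the full secret key for offline storage (here just a file in the
# temp dir), export the subkeys alone, delete the secret key, and re-import
# the subkey-only file, which carries a stub in place of the primary key.
move_primary_offline() {
    g --armor --export-secret-keys "$1" > "$GNUPGHOME/primary-OFFLINE-BACKUP.asc"
    g --armor --export-secret-subkeys "$1" > "$GNUPGHOME/subkeys-only.asc"
    g --delete-secret-keys "$1"
    g --import "$GNUPGHOME/subkeys-only.asc" >/dev/null 2>&1
}

# Runs the whole procedure and leaves the outcome in STATE_BEFORE,
# STATE_AFTER and REVOKE_CERT; cleans up the temp keyring afterwards.
run_demo() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME; chmod 700 "$GNUPGHOME"
    FPR=$(make_keys)
    STATE_BEFORE=$(primary_state "$FPR")
    move_primary_offline "$FPR"
    STATE_AFTER=$(primary_state "$FPR")
    # GnuPG 2.1+ writes a revocation certificate when the key is generated;
    # publishing it is the "revoke the key" option from the reply.
    if [ -f "$GNUPGHOME/openpgp-revocs.d/$FPR.rev" ]; then REVOKE_CERT=yes; else REVOKE_CERT=no; fi
    echo "primary key before: $STATE_BEFORE, after: $STATE_AFTER, revocation certificate: $REVOKE_CERT"
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

if gpg_available; then run_demo; fi
```

On a real workstation the primary-OFFLINE-BACKUP.asc file (and the .rev certificate) would go to removable media kept elsewhere, not stay beside the keyring; the subkeys are all that the day-to-day machine needs for signing and decrypting, and new subkeys can be issued from the offline primary if the machine is ever in doubt.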