many questions

F. Rodriguez MagicFab at
Tue Aug 3 06:12:45 CEST 2004

Neil Williams a écrit :

> On Monday 02 August 2004 7:33, F. Rodriguez wrote:
>>Stuardo - StR - Rodriguez wrote:
>>>1) Can I create all the keys in a single machine to export them to the
>>>other machines?
>>Yes. I would create one keyring with all public keys and separate
>>keyrings for the private keys on each machine.
> Generating all the keys yourself is a bad idea - generating them all on one 
> machine (each key generated by the final user) is a practical problem. You 
> shouldn't expect people to trust a key generated by someone else! (Generating 
> a key requires setting the passphrase and it isn't wise to use a key to which 
> someone else has a passphrase. Even if the user changes the passphrase in 
> their private key, what is to say that you haven't kept an old private key 
> with your own passphrase? Multiple copies of private keys with different 
> people should be avoided.

That depends if you are the local Chief Security Officer (or "GnuPG 
guy/girl"). As I said, you can pretty much decide whatever you want to 
do, or trust. Just keep in mind the implications.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20040803/f282fed5/signature.bin

More information about the Gnupg-users mailing list