MagicFab at FabianRodriguez.com
Tue Aug 3 06:12:45 CEST 2004
Neil Williams a écrit :
> On Monday 02 August 2004 7:33, F. Rodriguez wrote:
>>Stuardo - StR - Rodriguez wrote:
>>>1) Can I create all the keys in a single machine to export them to the
>>Yes. I would create one keyring with all public keys and separate
>>keyrings for the private keys on each machine.
> Generating all the keys yourself is a bad idea - generating them all on one
> machine (each key generated by the final user) is a practical problem. You
> shouldn't expect people to trust a key generated by someone else! (Generating
> a key requires setting the passphrase and it isn't wise to use a key to which
> someone else has a passphrase. Even if the user changes the passphrase in
> their private key, what is to say that you haven't kept an old private key
> with your own passphrase? Multiple copies of private keys with different
> people should be avoided.
That depends if you are the local Chief Security Officer (or "GnuPG
guy/girl"). As I said, you can pretty much decide whatever you want to
do, or trust. Just keep in mind the implications.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20040803/f282fed5/signature.bin
More information about the Gnupg-users