gpg --list-sigs (root for other users)

Neil Williams linux at
Tue Mar 9 19:23:59 CET 2004

On Tue, Mar 09, 2004 at 06:04:53PM +0100, Mark Kirchner wrote:
> Hi,
> On Sunday, March 7, 2004, 9:14:54 AM, Neil wrote:
> > [Keep the secring.gpg on a USB stick etc.]
> >
> I know, I know, it _is_ (somewhat) safer to do it this way. The evil
> admin has to jump through a few more hoops to get your key. But in the
> end, it's just security by obscurity and might make you feel a lot
> safer than it really is. IMHO at least.

A targeted attack is always more of a problem. If someone really is out
to get you, there will be a way to compromise the key.

> So, ever done that USB stick thing? In this case, you should consider

No. :-))

I never would, it was just a possible solution for someone else's
problem. I agree it isn't a whole lot better but it was the best I could
come up with at the time. 

As the manual says, it depends on your level of paranoia.

> your key "hopelessly compromised" and it "MUST be revoked". *smile*

Agreed. Thankfully, I'd never take such a risk with my secret key.


Neil Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040309/e0de0823/attachment.bin

More information about the Gnupg-users mailing list