private key protection

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 17 23:30:48 CEST 2011


On 10/17/11 5:18 PM, takethebus at gmx.de wrote:
> what is the best way to protect your private key from getting
> stolen?

Smartcard and a good PIN.  That's pretty much the gold standard.  It's
not the best way (there is no 'best way'), but it's generally an
excellent place to start from.

> 1. Using GnuPG on a Windows PC with internet connection is not good,
> because there are too many trojans out there.

Let's be cautious here: if using GnuPG on a Windows PC with an internet
connection is not good, then using GnuPG on a Linux machine with an
internet connection is not good, either.  Turenne once wrote, "when a
general makes no mistakes in war, it is because he has not been at it
long."  The same can be said of system administrators: when a sysadmin
has never lost a box to an exploit, it is because he or she has not been
at the job very long.

> 2. Using GnuPG on a Linux PC with internet connection (like privatix,
> see http://www.mandalka.name/privatix/index.html.en ) is better since
> there are fewer(?) security holes and trojans out there.

I emphatically disagree with this.

> 3. The best way

"The best way" is almost always a misnomer.  Everyone has different
needs and is targeted by different threats: what's "best" for you will
likely be very bad for someone else.



More information about the Gnupg-users mailing list