best practice for handing over the private key

Martin T m4rtntns at gmail.com
Fri Aug 2 12:51:10 CEST 2013


Hi,

I need to create a public and private key pair for a person
representing an organization, upload the public key to RIPE(regional
Internet registry in Europe) public server, create some database
entries using those public and private keys and finally hand over the
private key + password protecting the private key to this person. I'm
aware that handing over the private key is not the best practice, but
at the moment I don't have an option. Has anyone been in similar
situation? I thought that I'll ship the private key on a USB memory
stick in closed envelope, send the password protecting the private key
over e-mail or SMS, delete the private key from my own machine and ask
him to change the password protecting the private key. Are there
better methods? Or ask him to create personal gpg key pair, upload the
public key to key-server and finally I'll encrypt this private key
with his personal public key from the key server and send the
encrypted private key to his e-mail? This method doesn't require
shipping the USB memory stick. Better ideas?



regards,
Martin



More information about the Gnupg-users mailing list