best practice for handing over the private key
nobody at dizum.com
Fri Aug 2 18:52:16 CEST 2013
Martin T wrote:
> I need to create a public and private key pair for a person
> representing an organization, upload the public key to RIPE(regional
> Internet registry in Europe) public server, create some database
> entries using those public and private keys and finally hand over the
> private key + password protecting the private key to this person.
do you telephone to ORGNAME representative,
you have assurance of correct party?
1. email to ORGNAME representative the PUBKEY you create.
2a. ORGNAME representative confirms fingerprint of emailed PUBKEY.
2b. you give to ORGNAME representative passphrase for the SECKEY.
2c. ORGNAME representative gives a chosen passphrase for symmetric
3. you email to ORGNAME representative SECKEY encrypted with their
chosen passphrase and signed by the PUBKEY.
(1) gpg --armor --export --output pubkey.asc ORGNAME
(3) gpg -a --export-secret-keys ORGNAME | gpg -acs --force-mdc -o
seckey.asc -u ORGNAME
More information about the Gnupg-users