best practice for handing over the private key
Nomen Nescio
nobody at dizum.com
Fri Aug 2 18:52:16 CEST 2013
Martin T wrote:
> I need to create a public and private key pair for a person
> representing an organization, upload the public key to RIPE (regional
> Internet registry in Europe) public server, create some database
> entries using those public and private keys and finally hand over the
> private key + password protecting the private key to this person.
>
do you telephone to ORGNAME representative,
you have assurance of correct party?
1. email to ORGNAME representative the PUBKEY you create.
2. phone:
2a. ORGNAME representative confirms fingerprint of emailed PUBKEY.
2b. you give to ORGNAME representative passphrase for the SECKEY.
2c. ORGNAME representative gives a chosen passphrase for symmetric
encryption.
3. you email to ORGNAME representative SECKEY encrypted with their
chosen passphrase and signed by the PUBKEY.
(1) gpg --armor --export --output pubkey.asc ORGNAME
(3) gpg -a --export-secret-keys ORGNAME | gpg -acs --force-mdc -o seckey.asc -u ORGNAME
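
Added example, not part of the original post: the receiving side of steps 2a and 3, checking the e-mailed pubkey.asc against the fingerprint confirmed by phone and accepting the decrypted seckey.asc only when gpg reports a valid signature by that key. It assumes GnuPG 2.1 or later; the function names and the output file name are illustrative.

```shell
#!/bin/sh
# Recipient side of the handover. Added example; assumes GnuPG 2.1 or later.
# pubkey.asc / seckey.asc are the sender's file names; the rest is illustrative.

# Normalise a fingerprint read over the phone: drop blanks, upper-case hex.
norm_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# Fingerprint of the primary key in a key file, without importing the key.
file_fpr() {
    gpg --batch --with-colons --import-options show-only --import "$1" \
        2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 2a: does the e-mailed key match the fingerprint agreed by phone?
check_pubkey() {    # check_pubkey FILE "FINGERPRINT"
    want=$(norm_fpr "$2")
    [ -n "$want" ] && [ "$(file_fpr "$1")" = "$want" ]
}

# Step 3: decrypt with the passphrase from 2c (read from stdin) and keep the
# output only if gpg reports a valid signature by the confirmed key.
# gpg may already have written the output file when that check fails,
# hence the rm.
open_seckey() {     # open_seckey IN OUT "FINGERPRINT"
    status=$(gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
                 --status-fd 1 --output "$2" --decrypt "$1" 2>/dev/null) || true
    if printf '%s\n' "$status" | awk -v f="$(norm_fpr "$3")" '
           $2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
           END { exit !ok }'
    then return 0
    fi
    rm -f "$2"
    return 1
}

# Typical use (FPR is the fingerprint confirmed in step 2a, PASS the
# passphrase chosen in step 2c):
#   check_pubkey pubkey.asc "$FPR" && gpg --import pubkey.asc
#   printf '%s' "$PASS" | open_seckey seckey.asc seckey.plain "$FPR" &&
#       gpg --import seckey.plain
```

The public key has to be imported before open_seckey can succeed, because gpg needs it to verify the signature. After the import, gpg --passwd ORGNAME lets the representative replace the passphrase from step 2b, and the decrypted file should be deleted.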