best practice for handing over the private key

Nomen Nescio nobody at
Fri Aug 2 18:52:16 CEST 2013

Martin T wrote:

> I need to create a public and private key pair for a person
> representing an organization, upload the public key to RIPE (regional
> Internet registry in Europe) public server, create some database
> entries using those public and private keys and finally hand over the
> private key + password protecting the private key to this person.

Do you telephone the ORGNAME representative?
Do you have assurance of the correct party?

1.  email to ORGNAME representative the PUBKEY you create.
2.  phone:
2a. ORGNAME representative confirms fingerprint of emailed PUBKEY.
2b. you give to ORGNAME representative passphrase for the SECKEY.
2c. ORGNAME representative gives a chosen passphrase for symmetric 
3.  you email to ORGNAME representative SECKEY encrypted with their
    chosen passphrase and signed by the PUBKEY.

(1) gpg --armor --export --output pubkey.asc ORGNAME
(3) gpg -a --export-secret-keys ORGNAME | gpg -acs --force-mdc -o seckey.asc -u ORGNAME
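
The receiving side of the hand-over described above, as an added example that is not part of the original post: the ORGNAME representative checks pubkey.asc against the fingerprint agreed by phone, then accepts seckey.asc only if it decrypts and carries a valid signature from that same key. The function names are hypothetical, and GnuPG 2.2 or later is assumed for `--show-keys`.

```shell
#!/bin/sh
# Added example: recipient-side checks for steps 1-3 above.
# pubkey.asc / seckey.asc are the post's file names; function names are made up here.

# Normalise a fingerprint as read over the phone: drop spaces/colons, upper-case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'abcdef' 'ABCDEF'
}

# Primary-key fingerprint from `gpg --with-colons` output on stdin
# (first "fpr" record; field 10 holds the fingerprint).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Signer's primary-key fingerprint from `--status-fd` output on stdin
# (last field of the VALIDSIG line); empty if no valid signature was seen.
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# Usage: receive_key pubkey.asc seckey.asc "FINGERPRINT AGREED BY PHONE"
receive_key() {
    pub=$1 sec=$2 want=$(norm_fpr "$3")
    # Step 2a: inspect the mailed key without importing it yet.
    got=$(gpg --batch --with-colons --show-keys "$pub" | fpr_from_colons)
    [ "$got" = "$want" ] || { echo "pubkey fingerprint mismatch" >&2; return 1; }
    gpg --batch --import "$pub" || return 1
    tmp=$(mktemp -d) || return 1
    # Step 3: gpg prompts for the symmetric passphrase chosen in step 2c.
    if gpg --status-fd 3 --output "$tmp/sec.key" --decrypt "$sec" 3>"$tmp/status" &&
       [ "$(signer_from_status <"$tmp/status")" = "$want" ]; then
        gpg --import "$tmp/sec.key"; rc=$?
    else
        echo "decryption failed or signature not from the expected key" >&2; rc=1
    fi
    # The exported key is still protected by the step 2b passphrase; remove it anyway.
    rm -rf "$tmp"
    return $rc
}
```

After a successful import the recipient can replace the passphrase from step 2b with one only they know, using `gpg --edit-key ORGNAME passwd`.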

