Using an RSA GnuPG key for RSA ?

Sam Gleske sam.mxracer at gmail.com
Thu Apr 3 16:39:28 CEST 2014


On Wed, Apr 2, 2014 at 3:14 PM, Leo Gaspard <ekleog at gmail.com> wrote:

> Were you to use the key both for gnupg and other systems, I would
> understand, but doing things this way...?

I think generally it would be bad practice either way.  A compromised
server happens more often than a compromised gpg key.  Therefore, if a
server gets compromised, effectively your gpg private key has been
compromised.  It would be best to keep them separate entirely and not reuse
the RSA key pair anywhere else.  Treat your gpg private key like your
identity (i.e. social security number) because it really is your
identity... unless you want to go through the hassle of generating a new
key and having your web of trust go through the hassle of re-signing it when
your RSA key gets compromised on a server.

openssl tools are simple enough that generating throwaway RSA keys is a
no-brainer.  The same goes for most applications that support RSA keys.

SAM