Gunnar Wolf <gwolf@gwolf.org> writes: > Urgh... > Well, please enlighten me here: Without fully auditing the Javascript > code you are using to do the crypto client-side, can you *really* be > certain your private half has not travelled to Keybase? If Javascript running in a browser has access to your GPG secret key without you explicitly pasting it into the browser, I think you have larger problems.... -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>