On Friday, 04.04.2014, at 14:50 +0100, Jonathan Dowland wrote:
> keybase.io is a thing. This thing lets you, amongst other things, upload a copy
> of your PGP private key to their servers. This is client-side encrypted.
Well, this "thing" raises several red flags just by reading "upload ...
private key". This alone smells very wrong, because I'm of the opinion that a
private key must never leave my (trusted) system.
Reading a little about it, e.g. the issue tracker, they *require* the
passphrase when you upload the key. With that it is completely out of
your control, and if it is client-side encrypted, what do they need the
passphrase for in the first place? This only makes sense if they need to
access the private key sometime, and then the client-side encryption is
snake oil (and you never know if yours should better be revoked).
Also, some reading suggestion:
Disclaimer: Just reading information, did not try anything out to confirm.