Re: Handling personal/self(WebOfTrust) pgp/gpg private keys.
Are there any suggestions as to where I could get reliable information related to
this topic? For example, what do Debian Developers do with their private keys?
Well, I might as well try and take a stab at it. I'll rate my suggestions from 1 to 5
based on how well I understand the issue: a 1 would indicate that I'm not at all
sure about this advice, and a 5 would indicate I've been told to do this and have had
myself and others report success/problems with it.
5. Use a symmetric pass-phrase to encrypt your key.
5. Don't forget your pass-phrase.
4. Generate a revocation for use if you lose your key.
2. Store a revocation in multiple locations.
4. Protect yourself from someone stealing/using your revocation.
3. It may defeat the purpose of having a revocation if it has a
   symmetric pass-phrase.
5. Choose a strong pass-phrase; I use apg:
     Please enter some random data (only first 8 are significant)
     (eg. your old password):>  /I typed "test"/
5. Make sure your key is stored on very reliable media.
1. Store your key in multiple locations or on a few computers.
4. Use removable media and a secure safe for a backup.
1. Perhaps use a different pass-phrase.
1. Don't bother to change your pass-phrase.
5. Change your pass-phrase if it should ever be discovered.
1. Store your key on a trusted *shell that all your boxes have access to.
1. Use ssh-agent on your local system to 'fetch'/ssh-add the key over ssh.
3. Don't ever store your keys in NV storage on a portable.
2. Don't store your keys on a desktop system in your home or anywhere else
   if theft could be a problem.
* A shell being a highly reliable shell account on a server.(Some
examples/suggestions would be nice)
On Wed, Jun 24, 2009 at 2:18 AM, Mike Mestnik<firstname.lastname@example.org> wrote:
> Are there any guidelines for the Web-Of-Trust projects surrounding
> Debian or in general? I have had a number of problems with private keys
> over these past years that I've used PKI: forgetting the password,
> losing (what partition/server/drive) the file, drive corruption,
> accidental deletes. I've recently lost my job and thus my work-related
> pgp key that I've used for my work email address and several work-related
> PKIs. Thus I'm at a point where I can once again start fresh,
> and not wanting to repeat previous mistakes, I wanted to get some vector
> on what are good ideas and what ideas would sound good but be very bad.
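The key-handling steps suggested in the reply above (a pass-phrase-protected
secret key, a revocation certificate kept apart from the key, a backup on
removable media that you have actually tried to restore), walked through in a
throw-away GnuPG home directory. This is an added example and not code from
either message in this thread. It assumes GnuPG 2.1 or later with gpg-agent,
which writes an auto-generated revocation certificate to
$GNUPGHOME/openpgp-revocs.d/<FINGERPRINT>.rev when a key is created, with a
leading colon on the BEGIN line so that an accidental import cannot revoke the
key; the passphrase, user ID and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not the original poster's setup): generate a key, keep its
# revocation certificate separately, back the secret key up, and prove the
# backup restores by importing it into a second keyring and revoking it there.
# Assumes GnuPG >= 2.1 with gpg-agent.
set -eu

PASS='correct horse battery staple'   # constructed demo passphrase only

# Every gpg call is unattended: --batch, loopback pinentry, passphrase in argv.
# Fine for a throw-away demo key; for a real key let pinentry prompt you.
g() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"
}

# Generate a passphrase-protected key and print its fingerprint.
make_key() {
  g --quick-generate-key 'Demo User <demo@example.invalid>' rsa2048 default 1y >/dev/null
  gpg --batch --list-secret-keys --with-colons | awk -F: '/^fpr:/ {print $10; exit}'
}

# gpg's auto-generated revocation certificate has a ':' in front of its
# "-----BEGIN" line so a stray import cannot revoke the key by accident.
# This is the "protect your revocation" step: copy the file somewhere safe,
# and strip the colon only when you really mean to revoke.
arm_revocation() {        # $1 = fingerprint, $2 = output path
  sed 's/^:-----BEGIN/-----BEGIN/' "$GNUPGHOME/openpgp-revocs.d/$1.rev" > "$2"
}

# Export the (still passphrase-protected) secret key: this is what goes on
# removable media in the safe.
backup_key() {            # $1 = fingerprint, $2 = output path
  g --armor --output "$2" --export-secret-keys "$1"
}

# Validity flag of a key in a given homedir ('r' means revoked).
key_validity() {          # $1 = homedir, $2 = fingerprint
  GNUPGHOME="$1" gpg --batch --list-keys --with-colons "$2" | awk -F: '/^pub:/ {print $2; exit}'
}

# Full lifecycle; prints "ok" when the restored backup works and the
# revocation certificate revokes it.
demo_key_lifecycle() {
  work=$(mktemp -d /tmp/gpgdemo.XXXXXX)
  GNUPGHOME="$work/home"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"

  fpr=$(make_key)
  arm_revocation "$fpr" "$work/revoke-$fpr.asc"
  backup_key "$fpr" "$work/secret-$fpr.asc"

  # Restore test: a backup you have never restored is not a backup.
  restore="$work/restore"; mkdir -m 700 "$restore"
  GNUPGHOME="$restore" g --import "$work/secret-$fpr.asc"
  before=$(key_validity "$restore" "$fpr")

  # Now use the revocation certificate against the restored copy.
  GNUPGHOME="$restore" gpg --batch --quiet --import "$work/revoke-$fpr.asc"
  after=$(key_validity "$restore" "$fpr")

  GNUPGHOME="$GNUPGHOME" gpgconf --kill gpg-agent 2>/dev/null || true
  GNUPGHOME="$restore" gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"

  if [ "$before" != r ] && [ "$after" = r ]; then
    echo ok
  else
    echo "fail: validity before=$before after=$after"
  fi
}

# Run the whole lifecycle with:  sh keylife.sh run
case "${1:-}" in
  run) demo_key_lifecycle ;;
esac
```

The backup file is the secret key as gpg stores it, so the pass-phrase from
the first suggestion still protects it on the removable media; the revocation
certificate, by contrast, carries no pass-phrase at all, which is exactly why
it needs to be stored apart from the key and why gpg ships it with the
disarming colon.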