[OT] openPGP: keeping primary key offline?
Regarding openPGP usage, several user guides recommend keeping the
primary key offline and keeping only subkeys on the main computer. The
argument is that if the primary key is kept on the main computer, it
could be used in an unauthorized way.
Of course, what is offline, like a good backup, is safer than what is
kept online, simply because it cannot be accessed on the computer.
But would it really be so easy for someone to use a primary key?
Isn't the primary key stored passphrase-protected, i.e. stored encrypted?
Except for the case where an attacker is in my system and actively
spying on me with a keylogger and other bad tools, I would assume that
if someone simply stole (copied and carried away) my complete ~/.gnupg
folder, with the primary key and revocation certificates stored
somewhere in there, using these keys and certificates would only be
possible after decryption, upon giving the correct answer to the
passphrase request? Isn't it like this?
Marco.
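The setup the question is about, as an added example (not part of the original post and not GnuPG's own code): it generates a throwaway key set with a certify-only primary key in one GNUPGHOME, moves only the subkeys to a simulated "laptop" keyring, and then checks what a copied keyring is worth with and without the passphrase. It assumes gpg (GnuPG 2.1 or later) and gpgconf are on PATH; the user id, the passphrase, and all file and directory names are made up for the demo.

```shell
#!/bin/sh
# Added demo for the thread above; not code from the post or from GnuPG.
# Assumes GnuPG 2.1+ (gpg, gpgconf) on PATH. Everything is built in a
# temporary directory and removed afterwards.
set -u

PASS='correct horse battery staple'   # constructed demo passphrase
WRONG='not the passphrase'            # what an attacker would guess

# Run gpg non-interactively with a passphrase supplied by the script.
gpg_pw() {
    pass=$1; shift
    gpg --batch --no-tty --quiet --pinentry-mode loopback --passphrase "$pass" "$@"
}
kill_agent() { gpgconf --kill gpg-agent 2>/dev/null || true; }

# Body runs in a subshell: exit/trap/GNUPGHOME changes stay inside it.
# Returns 0 on success, 77 if gpg is not installed, 1 on any failed check.
demo_offline_primary() (
    command -v gpg >/dev/null 2>&1 || { echo "skip: gpg not installed"; exit 77; }
    die() { echo "FAIL: $*" >&2; exit 1; }
    work=$(mktemp -d) || die "mktemp"
    trap 'kill_agent; rm -rf "$work"' EXIT

    # --- 1. "Offline" machine: certify-only primary plus two subkeys ------
    export GNUPGHOME="$work/master"
    mkdir -m 700 "$GNUPGHOME"
    gpg_pw "$PASS" --quick-generate-key 'Demo User <demo@example.invalid>' ed25519 cert never \
        || die "generate primary"
    fpr=$(gpg --batch --with-colons --list-secret-keys | awk -F: '/^fpr:/ { print $10; exit }')
    gpg_pw "$PASS" --quick-add-key "$fpr" ed25519 sign never || die "add signing subkey"
    gpg_pw "$PASS" --quick-add-key "$fpr" cv25519 encr never || die "add encryption subkey"

    # GnuPG drops a revocation certificate next to the key. Unlike the secret
    # key it is NOT passphrase protected; only its BEGIN line is commented
    # out with a leading ':' to prevent accidental import.
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" \
        || die "revocation certificate not found"

    # Export the public key and only the secret subkeys for the laptop.
    gpg --batch --export "$fpr" > "$work/pub.gpg" || die "export public"
    gpg_pw "$PASS" --export-secret-subkeys "$fpr" > "$work/subkeys.gpg" || die "export subkeys"
    kill_agent

    # --- 2. "Laptop": import subkeys only; primary shows up as a stub -----
    export GNUPGHOME="$work/laptop"
    mkdir -m 700 "$GNUPGHOME"
    gpg --batch --quiet --import "$work/pub.gpg" "$work/subkeys.gpg" || die "import"
    # 'sec#' means the secret part of the primary key is missing here.
    gpg --batch --list-secret-keys | grep -q '^sec#' || die "primary key is not a stub"

    # Day-to-day use works with the signing subkey ...
    printf 'hello\n' | gpg_pw "$PASS" --local-user "$fpr" --sign > "$work/msg.sig" || die "sign"
    gpg --batch --verify "$work/msg.sig" 2>/dev/null || die "verify"
    # ... but anything needing the primary key (e.g. adding a subkey) fails.
    if gpg_pw "$PASS" --quick-add-key "$fpr" ed25519 sign never 2>/dev/null; then
        die "adding a subkey must fail without the primary key"
    fi
    kill_agent

    # --- 3. Attacker copies the laptop's whole GNUPGHOME ------------------
    cp -r "$work/laptop" "$work/stolen"
    export GNUPGHOME="$work/stolen"
    # The copy starts a fresh gpg-agent with nothing cached: the wrong
    # passphrase gets nothing ...
    if printf 'x\n' | gpg_pw "$WRONG" --local-user "$fpr" --sign > /dev/null 2>&1; then
        die "wrong passphrase must not unlock the copied key"
    fi
    # ... while the right one (keylogger, weak passphrase) unlocks the copy.
    printf 'x\n' | gpg_pw "$PASS" --local-user "$fpr" --sign > /dev/null 2>&1 \
        || die "correct passphrase must unlock the copied key"
    kill_agent

    echo "ok"
    exit 0
)

demo_offline_primary
```

Two points the run makes visible: the secret key material in the copied folder is indeed only usable with the passphrase, but the revocation certificate in openpgp-revocs.d is stored in clear, so whoever copies the folder can revoke the key without knowing anything. Keeping the primary key offline also limits what the passphrase itself unlocks on the laptop: signing and decrypting work, but certifying other keys or adding subkeys cannot be done from that keyring at all.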