[OT] openPGP: keeping primary key offline?

To: debian-user@lists.debian.org
Subject: [OT] openPGP: keeping primary key offline?
From: Marco Möller <talby@debianlists.mobilxpress.net>
Date: Tue, 22 Jun 2021 10:46:58 +0200
Message-id: <[🔎] 70457561-1634-cc8b-49e3-c96d197f6eb5@debianlists.mobilxpress.net>

Regarding openPGP usage, it is recommended in several user guides tokeep the primary key offline and keeping on the main computer onlysubkeys. The argumentation is that if keeping it on the main computerthen it could be used in an unauthorized way.Of course, what is offline, like a good backup, is safer than what iskept online, simply because it cannot be accessed on the computer.But, would it really be so easy for someone to to use a primary key?Isn't the primary key stored passphrase protected, thus stored encrypted?Except the case that an attacker would be in my system and activelyspying on me with a keylogger and other bad tools, I would assume thatif someone would simply steel (copy and carry away) my complete ~/.gnupgfolder with the primary key and revocation certificates somewhere beingstored in there, the usage of these keys and certificates would only bepossible after decryption upon the correct answer at the passphraserequest? Isn't it like this?


Marco.

Reply to:

Follow-Ups:
- Re: [OT] openPGP: keeping primary key offline?
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: [OT] openPGP: keeping primary key offline?
  - From: Teemu Likonen <tlikonen@iki.fi>

Prev by Date: Auto install security updates only?
Next by Date: Gmail's special approach to Email [was: Re: Messed up Email]
Previous by thread: Re: Auto install security updates only?
Next by thread: Re: [OT] openPGP: keeping primary key offline?
Index(es):
- Date
- Thread