On Tue, Sep 9, 2008 at 18:50, Matt Harrison
<iwasinnamuknow@×××××××××.com> wrote:
>> It looks like I've imported a pub/sec keypair now. Should I remove
>> the public key for security? Maybe I misunderstood from the beginning
>> and having both keys on the same system isn't a security issue?
>>
>> - Grant
>>
>
> It is still a security issue, but only as much as any other data on your
> machine. Physical access to the box, or being remotely hacked will
> always be a security risk.
>
> And yes, if someone does break in and copy your pub/sec keypair, they
> will have full ability to masquerade as you in signed and encrypted emails.
>
> You have to weigh it up for yourself really. Many, many keep pub/sec
> keypairs for their email on more than one machine. Of course it would be
> a lot of work for someone to compromise your system for your gpg keys,
> so your email would have to be of value to them.

It's always possible to generate a revocation certificate and store
it in a safe place (CD, USB key, etc.)

http://www.gnupg.org/gph/en/manual/c14.html

regards,

Boris.
>
> Just my $0.02
>
> Matt
>

-- 
$ ruby -e'puts " .:@BFegiklnorst".unpack("x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \
aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \
ax3aX4aXaX12ax10aaX7a").join'