Gentoo Archives: gentoo-user

From: Mike Edenfield <kutulu@××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] {OT} GPG: pub & sec keys required to decrypt?
Date: Wed, 10 Sep 2008 16:21:09
Message-Id: 48C7F3F0.1040104@kutulu.org
In Reply to: Re: [gentoo-user] {OT} GPG: pub & sec keys required to decrypt? by Grant
Grant wrote:
>>> Can I configure this so that I don't have the two keys on the same
>>> system? I'd like to encrypt with my remote system and decrypt with my
>>> local system. Is that possible? It seems like importing my private
>>> key also imports the public key.
>> I'm a bit confused as to what you're trying to do. If you are encrypting
>> mail to other people, you should be using *their* public key, not your own.
>> The only case where you need your public key is to encrypt mail to
>> *yourself*; otherwise you don't need either of your keys on the remote
>> system.

> Should I delete the private key from the remote system? It sounds
> like the public key can always be regenerated from the private key so
> there's no use in deleting it from the local system.

Yes to both statements. Having your private key on the remote system is
an unnecessary risk, since you don't need it to encrypt data and it's
exposed to anyone else with access to that system. And, though I
haven't done it, GnuPG's docs say that the public key can easily (one
gpg command) be regenerated from the private key, so you may as well
keep it around for convenience.

--Mike
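
The split discussed in this message, as an added example that is not part of the original post: the remote system holds only the public key and can encrypt, while only the local system can decrypt. It assumes GnuPG 2.1 or later; `LOCAL` and `REMOTE` are temporary keyring directories standing in for the two systems, and the key identity is a constructed test address.

```sh
#!/bin/sh
# Added example: LOCAL and REMOTE are throwaway keyrings standing in for the
# two systems; the address below is a constructed test identity.
KEY_ID='demo@example.invalid'

# Run gpg non-interactively against one keyring directory.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Number of secret keys in a keyring ("sec" records in the colon listing).
secret_key_count() {
    g "$1" --list-secret-keys --with-colons 2>/dev/null | grep -c '^sec:' || true
}

split_key_demo() {
    LOCAL=$(mktemp -d) && REMOTE=$(mktemp -d) || return 1

    # Local system: create the key pair (empty passphrase, demo only).
    g "$LOCAL" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_ID" 2>/dev/null || return 1

    # Only the public half is exported and carried to the remote system.
    g "$LOCAL" --armor --export "$KEY_ID" > "$LOCAL/pub.asc" || return 1
    g "$REMOTE" --import "$LOCAL/pub.asc" 2>/dev/null || return 1
    REMOTE_SECRETS=$(secret_key_count "$REMOTE")

    # Remote system: encrypting needs nothing but the public key.
    echo 'backup payload' | g "$REMOTE" --trust-model always \
        --recipient "$KEY_ID" --output "$REMOTE/msg.gpg" --encrypt || return 1

    # The remote system cannot read its own output; the local system can.
    if g "$REMOTE" --decrypt "$REMOTE/msg.gpg" >/dev/null 2>&1
    then REMOTE_CAN_DECRYPT=yes; else REMOTE_CAN_DECRYPT=no; fi
    LOCAL_PLAINTEXT=$(g "$LOCAL" --decrypt "$REMOTE/msg.gpg" 2>/dev/null)

    # Stop the agents started for the temporary keyrings and clean up.
    for home in "$LOCAL" "$REMOTE"; do
        gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
        rm -rf "$home"
    done
}
```

On a system that already holds the private key, `gpg --delete-secret-keys` removes it; running `secret_key_count` against that keyring afterwards confirms that none remain.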

Replies

Subject Author
Re: [gentoo-user] {OT} GPG: pub & sec keys required to decrypt? Grant <emailgrant@×××××.com>