On Fri, Apr 04, 2014 at 04:33:18PM +0200, Tobias Frost wrote:
> Well, this "thing" raises several red flags just by reading "upload ...
> private key". This alone smells very wrong, because I'm of the opinion a
> private key must never leave my (trusted) system)

More than that, it's good practice to never let the private half leave an
offline machine, and use that offline high-entropy machine to issue signing
subkeys which you can take with you on your other machines.

I'm not doing this, but it's good practice (and I should start once I can be
bothered to generate new keys).

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte <paul...@debian.org>  |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `-     http://people.debian.org/~paultag/conduct-statement.txt
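
A check for the practice described in the message above, as an added example that is not part of the original thread: it parses `gpg --list-secret-keys --with-colons` output and reports whether the primary secret key is absent from the machine (field 15 is `#` for a stub, per GnuPG's doc/DETAILS) while a usable signing subkey is present. The sample listings and key IDs are constructed, and `audit_keyring` is a hypothetical name.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs, dates and user ID are made up; not taken from the thread).
SAMPLE_SUBKEYS_ONLY = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1396000000:::u:::scESC:::#:::
uid:u::::1396000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1396000000::::::s:::+:::
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1396000000::::::e:::+:::
"""
# Same keyring, but with the primary secret key material present on disk.
SAMPLE_PRIMARY_PRESENT = SAMPLE_SUBKEYS_ONLY.replace("scESC:::#", "scESC:::+")


def audit_keyring(colon_output):
    """Return one finding dict per primary key in a colon-format listing."""
    findings = []
    current = None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # uid/fpr/grp records and malformed lines are ignored
        rec = {
            "keyid": f[4],                  # field 5: key ID
            "caps": f[11],                  # field 12: capabilities
            "secret_present": f[14] != "#"  # field 15: '#' means stub only
        }
        if f[0] == "sec":
            current = {"primary": rec, "subkeys": []}
            findings.append(current)
        elif current is not None:
            current["subkeys"].append(rec)
    for key in findings:
        signing = [s for s in key["subkeys"]
                   if "s" in s["caps"] and s["secret_present"]]
        key["primary_exposed"] = key["primary"]["secret_present"]
        key["has_signing_subkey"] = bool(signing)
        # The layout from the message: primary stays offline, subkey signs.
        key["ok"] = not key["primary_exposed"] and key["has_signing_subkey"]
    return findings


if __name__ == "__main__":
    for name, sample in [("subkeys only", SAMPLE_SUBKEYS_ONLY),
                         ("primary present", SAMPLE_PRIMARY_PRESENT)]:
        for key in audit_keyring(sample):
            print(name, key["primary"]["keyid"],
                  "OK" if key["ok"] else "primary secret key is on this machine")
```

On a real machine, feed it the output of `gpg --list-secret-keys --with-colons` instead of the constructed samples.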