Are there any suggestions as to where I could get reliable information related to this topic? For example, what do Debian Developers do with their private keys?
Well, I might as well try and take a stab at it. I'll rate my suggestions from 1 to 5 based on how well I understand the issue: a 1 would indicate that I'm not at all sure about this advice and a 5 would indicate I've been told to do this and had myself and others report success/problems with it.

5. Use a symmetric pass-phrase to encrypt your key.
5. Don't forget your pass-phrase.
4. Generate a revocation for use if you lose your key.
2. Store a revocation in multiple locations.
4. Protect yourself from someone stealing/using your revocation.
3. It may defeat the purpose of having a revocation if it has a symmetric pass-phrase.
5. Choose a strong pass-phrase, I use apg.

    che...@overrun:~$ apg
    Please enter some random data (only first 8 are significant)
    (eg. your old password):>  /I typed "test"/
    Rappern2 (Rapp-ern-TWO)
    UgCijAc7 (Ug-Cij-Ac-SEVEN)
    EevfibOpud7 (Eev-fib-Op-ud-SEVEN)
    Ewyevdat8 (Ew-yev-dat-EIGHT)
    9Wrivyeaheny (NINE-Wriv-yea-hen-y)
    MimGufIbrIv2 (Mim-Guf-Ibr-Iv-TWO)

5. Make sure your key is stored on very reliable media.
1. Store your key in multiple locations or on a few computers.
4. Use removable media and a secure safe for a backup.
1. Perhaps using a different pass-phrase.
1. Don't bother to change your pass-phrase.
5. Change your pass-phrase if it should ever be discovered.
1. Store your key on a trusted *shell that all your boxes have access to.
1. Use ssh-agent on your local system to 'fetch'/ssh-add the key over ssh.
3. Don't ever store your keys in NV storage on a portable device.
2. Don't store your keys on a desktop system in your home or anywhere else if theft could be a problem.

* A shell being a highly reliable shell account on a server. (Some examples/suggestions would be nice)

On Wed, Jun 24, 2009 at 2:18 AM, Mike Mestnik<che...@visi.com> wrote:
> Are there any guide lines for the Web-Of-Trust projects surrounding
> Debian or in general? I have had a number of problems with private keys
> over these past years that I've used PKI, forgetting the password,
> losing (what partition/server/drive) the file, drive corruption,
> accidental deletes. I've recently lost my job and thus my work related
> pgp key that I've used for my work email address and several work
> related PKIs. Thus I'm at a point where I can once again start fresh
> and not wanting to repeat previous mistakes I wanted to get some vector
> on what are good ideas and what ideas would sound good but be very bad.
> --
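The suggestions above about a pass-phrase-protected key and backups in several places only help if the backup can actually be restored; as an added example (not from this thread), here is a shell check that proves it: it generates a throwaway key in a scratch GnuPG homedir, exports the secret key the way a backup would, restores it into a second empty homedir and signs with the restored copy. Assumes GnuPG 2.1 or later on PATH; the user-id and pass-phrase are constructed test values.

```shell
#!/bin/sh
# Added example, not part of the original thread. Exercises the backup/restore
# loop for an OpenPGP secret key in throwaway homedirs so the backup is known
# to be restorable before it is needed. Assumes GnuPG 2.1+ is installed.
set -eu

# Create a pass-phrase-protected key, export it, restore it into an empty
# homedir and prove the restored copy can sign. Prints the key fingerprint
# on success; any failing step makes the function return non-zero.
verify_key_backup() {
    pass=$1                                   # pass-phrase wrapping the secret key
    work=$(mktemp -d)
    src="$work/src"; dst="$work/dst"
    mkdir -m 700 "$src" "$dst"
    for h in "$src" "$dst"; do
        echo allow-loopback-pinentry > "$h/gpg-agent.conf"   # batch pass-phrase entry
    done
    uid="Backup Check <backup-check@example.invalid>"        # constructed identity

    # 1. a throwaway key, protected by the symmetric pass-phrase
    GNUPGHOME=$src gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --quick-gen-key "$uid" default default never
    fpr=$(GNUPGHOME=$src gpg --batch --with-colons --list-secret-keys \
          | awk -F: '$1=="fpr"{print $10; exit}')

    # 2. the backup: armored secret key, still wrapped with the pass-phrase
    GNUPGHOME=$src gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --armor --export-secret-keys "$fpr" > "$work/secret-backup.asc"

    # 3. restore into an empty homedir, as on a replacement machine
    GNUPGHOME=$dst gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --import "$work/secret-backup.asc"

    # 4. prove the restored key is usable: detached-sign a message and verify it
    printf 'backup check\n' > "$work/msg"
    GNUPGHOME=$dst gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --local-user "$fpr" --output "$work/msg.sig" --detach-sign "$work/msg"
    GNUPGHOME=$dst gpg --batch --quiet --verify "$work/msg.sig" "$work/msg" 2>/dev/null

    for h in "$src" "$dst"; do GNUPGHOME=$h gpgconf --kill gpg-agent || true; done
    rm -rf "$work"
    printf '%s\n' "$fpr"
}
```

The exported file is only as safe as the pass-phrase wrapping it, so the same restore test should be repeated with the real backup media after every pass-phrase change.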