Hi,

> Your description sounds, to me, as if you are only generating a key for the
> other person's use.

Not quite. At the beginning I need to use those keys myself in order to create the needed database objects. Once those are done, I need to hand over the private key to the other person. So basically I'm generating a key pair for the other person's use which I need to use myself at the beginning.

So you mean that my correspondent sends me his public key, encrypted to my public key which he finds from the key-server, in an e-mail. Then I generate the key pair needed for the project. Finally I encrypt the project private key with his public key and e-mail this encrypted private key to him. Once he confirms that he has received the project private key, I will delete the project private key from my machine as I do not need it any more. Is that what you meant?

regards,
Martin

2013/8/2, John Clizbe <j...@enigmail.net>:
> Martin T wrote:
>> Hi,
>>
>> I need to create a public and private key pair for a person
>> representing an organization, upload the public key to RIPE (regional
>> Internet registry in Europe) public server, create some database
>> entries using those public and private keys and finally hand over the
>> private key + password protecting the private key to this person. I'm
>> aware that handing over the private key is not the best practice, but
>> at the moment I don't have an option. Has anyone been in a similar
>> situation? I thought that I'll ship the private key on a USB memory
>> stick in closed envelope, send the password protecting the private key
>> over e-mail or SMS, delete the private key from my own machine and ask
>> him to change the password protecting the private key. Are there
>> better methods? Or ask him to create personal gpg key pair, upload the
>> public key to key-server and finally I'll encrypt this private key
>> with his personal public key from the key server and send the
>> encrypted private key to his e-mail? This method doesn't require
>> shipping the USB memory stick. Better ideas?
>
> Usually the phrase "handing over the private key" is used to denote an
> element of coercion, as in surrendering the key. Your description sounds,
> to me, as if you are only generating a key for the other person's use.
>
> For a project I work with, three of us may sign archives with the project
> key. That key was generated and encrypted to each of the other two persons'
> public keys and then emailed to them.
>
> Your correspondent doesn't need to upload his key to the keyservers to get
> it to you. He could send you his public key, encrypted to your public key,
> in an email.
>
> --
> John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
> SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
> FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
>      mailto:pgp-public-k...@gingerbear.net?subject=HELP
>
> Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
> A:"An odd melody / island voices on the winds / surplus of vowels"
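
The handover discussed in this thread (correspondent sends his public key, the project key pair is generated, its private half is encrypted to his key and mailed, then deleted locally once he confirms), as an added example that is not part of the original messages. It assumes GnuPG 2.2 or later; the two temporary keyrings, the `example.org` identities, the helper names and the empty passphrases are constructed for the demo.

```shell
#!/bin/sh
# Added example. Constructed setup: two throwaway keyrings stand in for the
# two correspondents; names and addresses are placeholders. Keys get empty
# passphrases only so the demo runs unattended.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet "$@"; }

has_secret() { g "$1" --list-secret-keys "$2" >/dev/null 2>&1; }

handover_demo() {
    work=$1; me="$work/me"; peer="$work/peer"
    mkdir -m 700 "$me" "$peer" || return 1

    # 1. Correspondent creates a personal key and sends the public half.
    g "$peer" --passphrase '' --quick-generate-key \
        'Peer <peer@example.org>' default default never || return 1
    g "$peer" --armor --export peer@example.org > "$work/peer.pub.asc"

    # 2. I import it (in practice: compare the fingerprint out of band)
    #    and generate the project key pair.
    g "$me" --import "$work/peer.pub.asc" || return 1
    g "$me" --passphrase '' --quick-generate-key \
        'Project <project@example.org>' default default never || return 1
    PROJECT_FPR=$(g "$me" --with-colons --list-keys project@example.org |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # 3. Export the project secret key straight into an encryption to the
    #    correspondent's key; the plaintext key never touches the disk.
    g "$me" --pinentry-mode loopback --passphrase '' \
        --export-secret-keys "$PROJECT_FPR" |
      g "$me" --trust-model always --recipient peer@example.org \
        --output "$work/project-key.gpg" --encrypt || return 1

    # 4. Correspondent decrypts the mail attachment and imports the key.
    g "$peer" --decrypt "$work/project-key.gpg" | g "$peer" --import || return 1

    # 5. After he confirms receipt, remove only the secret part locally.
    g "$me" --yes --delete-secret-keys "$PROJECT_FPR" || return 1

    for h in "$me" "$peer"; do
        GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true
    done
}
# Usage: handover_demo "$(mktemp -d)"
```

`--trust-model always` is there only because the demo keyrings have no trust data; with a real correspondent, confirm his key fingerprint over a separate channel before encrypting to it.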