On 15/08/13 09:45, ix4...@gmail.com wrote: > But with this setup it seems like the process to sign someone else's keys > (which > needs to be done with the offline mainkey) will be complicated. > > How would I do that?
You would use an offline system which has the offline main key. Just copying the main key back to your "normal" system would pretty much defeat the purpose. I think "the purpose" is, by the way: "If my normal computer gets compromised in the future, at least the attacker won't have my primary private key". I suddenly thought of something which I'll come back to in the end. So you would use an offline computer. Your offline system is not connected to the internet, but you need to get data in and out. So you would for instance use a USB key. It's also an attack vector, but you have to have something. There simply is no perfect security, so at some point you need to compromise. You transfer the key you want to sign to the offline system. On the offline system, you simply do something along the lines of: $ gpg2 --import /media/usb-key/someone_elses_key.gpg $ gpg2 --edit-key "Someone Else" sign And then you still need to transfer the signed key to the outer world. So you put it on your USB key: $ gpg2 -o /media/usb-key/someone_elses_key_signed.gpg --export "Someone Else" And on your normal system, you import it and, e.g., send it to a keyserver: $ gpg2 --import /media/usb-key/someone_elses_key_signed.gpg $ gpg2 --send-key "Someone Else" Note that it is not necessary to specify "sign" as the command for --edit-key. If you don't give a command, you can then enter it in the interactive --edit-key menu. Also, for the lone --send-key on the final command, you need to have a default keyserver configured in gpg.conf, otherwise you need to specify it on the command line. I suddenly noticed something in Hauke's advice while I formulated my "future compromise" scenario. I read his advice as "create the key on your normal system, then delete the primary key from that system". But deleted files are usually still on the hard drive. If I hacked your system and were interested in your private key, I'd probably search all free space on the hard drive for data that looks like a private keyring. I might be able to extract your private key, even though you thought you were safe because you deleted it. I would advise to create the whole key on the offline system you will be using to sign people's keys, and export the subkeys to your normal system. You might want to wipe all free space on your hard drive if you generated it on your normal system. Don't forget the internal fragmentation at the end of allocated files; or to put it more practically: use a tool that doesn't forget this ;). Journals can be nice to snoop around in too. I tried to find a wipe tool in the Debian package manager just now that said it also took care of the journal, but I can't find one. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
