private key protection
Robert J. Hansen
rjh at sixdemonbag.org
Mon Oct 17 23:30:48 CEST 2011
On 10/17/11 5:18 PM, takethebus at gmx.de wrote:
> what is the best way to protect your private key from getting
> stolen?

Smartcard and a good PIN. That's pretty much the gold standard. It's
not the best way (there is no 'best way'), but it's generally an
excellent place to start from.

> 1. Using gnupg on a windows PC with internet connection is not good,
> because there are too many trojans out there.

Let's be cautious here: if using GnuPG on a Windows PC with an internet
connection is not good, then using GnuPG on a Linux machine with an
internet connection is not good, either. Turenne once wrote, "when a
general makes no mistakes in war, it is because he has not been at it
long." The same can be said of system administrators: when a sysadmin
has never lost a box to an exploit, it is because he or she has not been
at the job very long.

> 2. Using gnupg on a linux PC with internet connection (like privatix,
> see http://www.mandalka.name/privatix/index.html.en ) is better since
> there are fewer(?) security holes and trojans out there.

I emphatically disagree with this.

> 3. The best way

"The best way" is almost always a misnomer. Everyone has different
needs and is targeted by different threats: what's "best" for you will
likely be very bad for someone else.