On Wed, Apr 2, 2014 at 3:14 PM, Leo Gaspard <[email protected]> wrote:
> Were you to use the key both for gnupg and other systems, I would understand,
> but doing things this way...?

I think generally it would be bad practice either way. A compromised server happens more often than a compromised gpg key. Therefore, if a server gets compromised, effectively your gpg private key has been compromised.

It would be best to keep them separate entirely and not reuse the RSA key pair anywhere else. Treat your gpg private key like your identity (i.e. social security number) because it really is your identity... unless you want to go through the hassle of generating a new key and having your web of trust go through the hassle of re-signing it when your RSA key gets compromised on a server.

openssl tools are simple enough that generating throwaway RSA keys is a no-brainer. The same goes for most applications that support RSA keys.

SAM
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
