On 6/1/2017 9:30 AM, Dave Jones wrote:
Where should I put the private key then? If you are going to
personally see Greg, then it may make more sense for you to generate
it offline so the private key is not checked into SVN or emailed from
me to you.
Sorry, I wasn't clear. In my head, I had been thinking about giving him
just the passphrase out of band.
If you generate a key pair with a ridiculously strong passphrase which
you can relay over the phone, we can then email the private, passphrase
protected key pair to Greg. I'll follow-up with the passphrase in
person. Then once you and I confirm we have the private key off the
server and safely onto our own network, we are safe enough I believe.
Then we should only need the public key in our key rings to encrypt it
to that sysadmins@ account.
This matched what Greg discussed a week or 3 ago.
Regards,
KAM