Martin T wrote:
> Hi,
>
> I need to create a public and private key pair for a person
> representing an organization, upload the public key to RIPE (regional
> Internet registry in Europe) public server, create some database
> entries using those public and private keys and finally hand over the
> private key + password protecting the private key to this person. I'm
> aware that handing over the private key is not the best practice, but
> at the moment I don't have an option. Has anyone been in a similar
> situation? I thought that I'll ship the private key on a USB memory
> stick in a closed envelope, send the password protecting the private key
> over e-mail or SMS, delete the private key from my own machine and ask
> him to change the password protecting the private key. Are there
> better methods? Or ask him to create a personal gpg key pair, upload the
> public key to a key-server and finally I'll encrypt this private key
> with his personal public key from the key server and send the
> encrypted private key to his e-mail? This method doesn't require
> shipping the USB memory stick. Better ideas?

Usually the phrase "handing over the private key" is used to denote an element of coercion, as in surrendering the key. Your description sounds, to me, as if you are only generating a key for the other person's use.

For a project I work with, three of us may sign archives with the project key. That key was generated and encrypted to each of the other two persons' public keys and then emailed to them.

Your correspondent doesn't need to upload his key to the keyservers to get it to you. He could send you his public key, encrypted to your public key, in an email.

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
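
The transfer discussed in this thread (the generated key encrypted to the recipient's own public key and e-mailed, then deleted on the sender's side) can be scripted as below. This is an added example, not part of the original messages; it assumes GnuPG 2.1 or later, and the function names are hypothetical.

```bash
# Assumes GnuPG 2.1+. Function names are hypothetical; the first argument of
# each is the GNUPGHOME directory to operate on. Fingerprints are passed as
# 40 uppercase hex digits without spaces.

# Print the primary-key fingerprint of the key matching $2.
fpr_of() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sender: import the holder's public key file, require that it carries the
# fingerprint the holder confirmed out of band, then write the organization's
# secret key to $5 encrypted to that key. The export is piped straight into
# the encryption, so the secret key is never written to disk unencrypted.
wrap_key() {
    local home=$1 pubfile=$2 holder_fpr=$3 org_fpr=$4 out=$5
    gpg --homedir "$home" --batch --quiet --import "$pubfile" || return 1
    [ "$(fpr_of "$home" "$holder_fpr")" = "$holder_fpr" ] || return 1
    # --trust-model always: the fingerprint check above stands in for
    # certifying the holder's key.
    gpg --homedir "$home" --batch --armor --export-secret-keys "$org_fpr" \
        | gpg --homedir "$home" --batch --yes --armor --trust-model always \
              --recipient "$holder_fpr" --output "$out" --encrypt
}

# Holder: decrypt the message directly into the local keyring, then confirm
# that a secret key with the fingerprint announced by the sender is present.
# This also catches an empty or truncated export.
unwrap_key() {
    local home=$1 infile=$2 org_fpr=$3
    gpg --homedir "$home" --batch --quiet --decrypt "$infile" \
        | gpg --homedir "$home" --batch --quiet --import
    gpg --homedir "$home" --batch --with-colons --list-secret-keys "$org_fpr" \
        2>/dev/null | grep -q '^sec:'
}

# Sender: after the holder confirms the import, delete the local secret key.
forget_key() {
    gpg --homedir "$1" --batch --yes --delete-secret-keys "$2"
}
```

Both fingerprints should be compared over a channel other than the e-mail that carries the keys, for example by phone.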