On 08/02/2013 01:31 PM, Martin T wrote:
> Hi,
>
>> Your description sounds, to me, as if you are only generating a key for the
>> other person's use.
>
> Not quite. At the beginning I need to use those keys myself in order
> to create the needed database objects. Once those are done, I need to
> hand over the private key to the other person. So basically I'm generating
> a key pair for another person's use which I need to use myself at the
> beginning.
>
>
> So you mean that my correspondent sends me his public key, encrypted
> to my public key which he finds from the key server, in an e-mail.
> Then I generate the key pair needed for the project. Finally I encrypt
> the project private key with his public key and e-mail this encrypted
> private key to him. Once he confirms that he has received the project
> private key, I will delete the project private key from my machine as
> I do not need it any more. Is that what you meant?
I don't know if that is what John meant, but this makes me far happier. I was concerned that the secret (private) key, which I assumed you were creating via either --export-secret-subkeys or --export-secret-keys, was being sent in transit unencrypted. But the way you just said it here sounds optimal in protecting the secret key in transit.

If he wants only the secret / public key pair (does not want a personal key pair), the encryption and zipping of the secret key for transit could be done with 7-zip's AES-128 cipher, which avoids a chicken-versus-egg problem and still gives some measure of securing the secret key in transit: http://www.7-zip.org/

Send the password for the zip separately, and preferably after the secret key is sent.

If you send the keys in snail mail on a USB stick, use something a little sturdier than an envelope, like a small box with foam peanut shipping padding.

Wait a little longer than you think is necessary before deleting the secret (private) key, just in case something goes wrong.

But the way you just said it sounds best to me.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
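The hand-over Martin describes (import the correspondent's public key, generate the project key pair, export its secret key, encrypt that export to the correspondent, let him decrypt and import it, then delete the originator's copy), played out locally as an added example that is not part of the thread. Two throwaway GNUPGHOME directories stand in for the two parties; the user IDs and e-mail addresses are made up, GnuPG 2.1 or later is assumed (for --quick-gen-key and --pinentry-mode), the keys are created without a passphrase and the recipient is marked trusted with --trust-model always purely so the run needs no prompts. In a real hand-over the correspondent's fingerprint is checked out of band instead, and the 7-zip alternative from the reply is not shown.

```shell
#!/bin/sh
# Added example: simulate the project-key hand-over between two local keyrings.
# Prints OK when the correspondent ends up holding the project secret key
# that the originator has deleted, MISMATCH otherwise, SKIP without GnuPG 2.1+.
project_key_handoff() {
  command -v gpg >/dev/null 2>&1 || { echo SKIP; return 0; }
  case $(gpg --version 2>/dev/null | sed -n '1s/.* //p') in
    2.[1-9]*) ;;               # --quick-gen-key / loopback pinentry need 2.1+
    *) echo SKIP; return 0 ;;
  esac

  work=$(mktemp -d)
  me="$work/me"; him="$work/him"   # constructed: one GNUPGHOME per party
  mkdir -m 700 "$me" "$him"

  # Run gpg non-interactively against one of the two homedirs.
  g() { h=$1; shift
        gpg --homedir "$h" --batch --quiet --yes \
            --pinentry-mode loopback --passphrase '' "$@"; }

  # 1. The correspondent has a personal key; his public key reaches me
  #    (in the thread: from the key server or by e-mail).
  g "$him" --quick-gen-key 'Correspondent <him@example.test>' default default never
  g "$him" --export --armor him@example.test > "$work/him.pub.asc"
  g "$me"  --import "$work/him.pub.asc"

  # 2. I generate the project key pair and use it myself first.
  g "$me" --quick-gen-key 'Project <project@example.test>' default default never
  fpr_me=$(g "$me" --with-colons --list-secret-keys project@example.test \
           | awk -F: '$1=="fpr"{print $10; exit}')

  # 3. Export the project secret key and encrypt it to his public key, so it
  #    never travels in the clear. (--trust-model always only avoids the
  #    "key is not certified" prompt in this demo; verify his fingerprint instead.)
  g "$me" --export-secret-keys --armor project@example.test > "$work/project.sec.asc"
  g "$me" --trust-model always --recipient him@example.test \
          --output "$work/project.sec.gpg" --encrypt "$work/project.sec.asc"

  # 4. He decrypts and imports the project secret key.
  g "$him" --output "$work/received.sec.asc" --decrypt "$work/project.sec.gpg"
  g "$him" --import "$work/received.sec.asc"
  fpr_him=$(g "$him" --with-colons --list-secret-keys project@example.test \
            | awk -F: '$1=="fpr"{print $10; exit}')

  # 5. Once he confirms receipt, I delete my copy of the project key.
  g "$me" --delete-secret-and-public-keys "$fpr_me"

  # Check: he holds a secret key with the same fingerprint, and I no longer do.
  if [ -n "$fpr_me" ] && [ "$fpr_me" = "$fpr_him" ] \
     && ! g "$me" --list-secret-keys project@example.test >/dev/null 2>&1; then
    result=OK
  else
    result=MISMATCH
  fi

  gpgconf --homedir "$me"  --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$him" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  echo "$result"
}

project_key_handoff
```

The fingerprint comparison at the end is the check worth keeping from this: after the transfer, list the project key on both sides with --with-colons and compare the fpr lines before deleting anything, which is the concrete form of "wait until he confirms receipt".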